Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-45822 (GCVE-0-2026-45822)
Vulnerability from cvelistv5 – Published: 2026-06-30 08:05 – Updated: 2026-06-30 12:49| Vendor | Product | Version | |
|---|---|---|---|
| SamVerschueren | decode-uri-component |
Affected:
0.1.0 , < 0.5.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45822",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T12:49:21.881218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:49:30.364Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "decode-uri-component",
"vendor": "SamVerschueren",
"versions": [
{
"lessThan": "0.5.0",
"status": "affected",
"version": "0.1.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Seal Security"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on \u0027%\u0027 producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 \u0027%ab\u0027 tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input."
}
],
"value": "decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on \u0027%\u0027 producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 \u0027%ab\u0027 tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input."
}
],
"impacts": [
{
"capecId": "CAPEC-469",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-469 HTTP DoS"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "UNREPORTED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-407",
"description": "CWE-407 Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T08:05:36.399Z",
"orgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"shortName": "seal"
},
"references": [
{
"url": "https://github.com/SamVerschueren/decode-uri-component/blob/00662938dc7c6241547ae8abce7785cc13ffd3f6/index.js"
},
{
"url": "https://github.com/SamVerschueren/decode-uri-component/commit/fa479dafeede7bedf04e5c89aa78f2a78c664005"
},
{
"url": "https://www.npmjs.com/package/decode-uri-component"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"assignerShortName": "seal",
"cveId": "CVE-2026-45822",
"datePublished": "2026-06-30T08:05:36.399Z",
"dateReserved": "2026-05-13T12:03:13.545Z",
"dateUpdated": "2026-06-30T12:49:30.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-45822",
"date": "2026-07-15",
"epss": "0.00304",
"percentile": "0.22361"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-45822\",\"sourceIdentifier\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"published\":\"2026-06-30T09:16:25.177\",\"lastModified\":\"2026-06-30T14:33:48.520\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on \u0027%\u0027 producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 \u0027%ab\u0027 tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.\"}],\"affected\":[{\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"affectedData\":[{\"vendor\":\"SamVerschueren\",\"product\":\"decode-uri-component\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"Linux\",\"macOS\",\"Windows\"],\"versions\":[{\"version\":\"0.1.0\",\"lessThan\":\"0.5.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NEGLIGIBLE\",\"Automatable\":\"YES\",\"Recovery\":\"USER\",\"valueDensity\":\"DIFFUSE\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"AMBER\"}}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-30T12:49:21.881218Z\",\"id\":\"CVE-2026-45822\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-407\"}]}],\"references\":[{\"url\":\"https://github.com/SamVerschueren/decode-uri-component/blob/00662938dc7c6241547ae8abce7785cc13ffd3f6/index.js\",\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\"},{\"url\":\"https://github.com/SamVerschueren/decode-uri-component/commit/fa479dafeede7bedf04e5c89aa78f2a78c664005\",\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\"},{\"url\":\"https://www.npmjs.com/package/decode-uri-component\",\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-15T19:19:49+00:00",
"cve": "CVE-2026-45822",
"id": "CVE-2026-45822",
"initial_release_date": "2026-06-30T08:05:36.399000+00:00",
"product_status:fixed": "3",
"product_status:known_affected": "12",
"product_status:known_not_affected": "49",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "decode-uri-component: decode-uri-component: Denial of Service via crafted input",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45822.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-45822\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-30T12:49:21.881218Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-30T12:49:26.577Z\"}}], \"cna\": {\"source\": {\"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Seal Security\"}], \"impacts\": [{\"capecId\": \"CAPEC-469\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-469 HTTP DoS\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NEGLIGIBLE\", \"version\": \"4.0\", \"Recovery\": \"USER\", \"baseScore\": 6.6, \"Automatable\": \"YES\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"DIFFUSE\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:U/V:D/RE:M/U:Amber\", \"exploitMaturity\": \"UNREPORTED\", \"providerUrgency\": \"AMBER\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"SamVerschueren\", \"product\": \"decode-uri-component\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.1.0\", \"lessThan\": \"0.5.0\", \"versionType\": \"semver\"}], \"platforms\": [\"Linux\", \"macOS\", \"Windows\"], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/SamVerschueren/decode-uri-component/blob/00662938dc7c6241547ae8abce7785cc13ffd3f6/index.js\"}, {\"url\": \"https://github.com/SamVerschueren/decode-uri-component/commit/fa479dafeede7bedf04e5c89aa78f2a78c664005\"}, {\"url\": \"https://www.npmjs.com/package/decode-uri-component\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on \u0027%\u0027 producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 \u0027%ab\u0027 tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on \u0027%\u0027 producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 \u0027%ab\u0027 tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}, {\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-407\", \"description\": \"CWE-407 Inefficient Algorithmic Complexity\"}]}], \"providerMetadata\": {\"orgId\": \"22e2d327-25fe-45d7-9f0c-dcd23b7108df\", \"shortName\": \"seal\", \"dateUpdated\": \"2026-06-30T08:05:36.399Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-45822\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T12:49:30.364Z\", \"dateReserved\": \"2026-05-13T12:03:13.545Z\", \"assignerOrgId\": \"22e2d327-25fe-45d7-9f0c-dcd23b7108df\", \"datePublished\": \"2026-06-30T08:05:36.399Z\", \"assignerShortName\": \"seal\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-45822
Vulnerability from fkie_nvd - Published: 2026-06-30 09:16 - Updated: 2026-06-30 14:33| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"platforms": [
"Linux",
"macOS",
"Windows"
],
"product": "decode-uri-component",
"vendor": "SamVerschueren",
"versions": [
{
"lessThan": "0.5.0",
"status": "affected",
"version": "0.1.0",
"versionType": "semver"
}
]
}
],
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on \u0027%\u0027 producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 \u0027%ab\u0027 tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input."
}
],
"id": "CVE-2026-45822",
"lastModified": "2026-06-30T14:33:48.520",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NEGLIGIBLE",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-45822",
"options": [
{
"exploitation": "none"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T12:49:21.881218Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-30T09:16:25.177",
"references": [
{
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"url": "https://github.com/SamVerschueren/decode-uri-component/blob/00662938dc7c6241547ae8abce7785cc13ffd3f6/index.js"
},
{
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"url": "https://github.com/SamVerschueren/decode-uri-component/commit/fa479dafeede7bedf04e5c89aa78f2a78c664005"
},
{
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"url": "https://www.npmjs.com/package/decode-uri-component"
}
],
"sourceIdentifier": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-407"
}
],
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"type": "Secondary"
}
]
}
RHSA-2026:37577
Vulnerability from csaf_redhat - Published: 2026-07-10 05:14 - Updated: 2026-07-15 15:00A flaw was found in the `decompress` component. An improper path containment check allows a local attacker to perform directory traversal. This vulnerability, when combined with unvalidated symlink creation, enables an attacker to write arbitrary files to directories outside the intended extraction target. This issue bypasses a previous fix for CVE-2020-12265.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Socket.IO, specifically within the Engine.IO protocol v4 polling transport. An unauthenticated attacker can exploit this vulnerability by sending invalid binary POST requests with a Content-Type of application/octet-stream. This improper handling of requests prevents the HTTP response from being properly closed, which can lead to the exhaustion of server-side connections and sockets. The primary consequence is a Denial of Service (DoS), making the affected service unavailable to legitimate users.
A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:dotnet8-0-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\ndotnet8.0:\n * aspnetcore-runtime-8.0-8.0.28-1.1.hum1 (aarch64, x86_64)\n * aspnetcore-runtime-dbg-8.0-8.0.28-1.1.hum1 (aarch64, x86_64)\n * aspnetcore-targeting-pack-8.0-8.0.28-1.1.hum1 (aarch64, x86_64)\n * dotnet-apphost-pack-8.0-8.0.28-1.1.hum1 (aarch64, x86_64)\n * dotnet-hostfxr-8.0-8.0.28-1.1.hum1 (aarch64, x86_64)\n * dotnet-runtime-8.0-8.0.28-1.1.hum1 (aarch64, x86_64)\n * dotnet-runtime-dbg-8.0-8.0.28-1.1.hum1 (aarch64, x86_64)\n * dotnet-sdk-8.0-8.0.128-1.1.hum1 (aarch64, x86_64)\n * dotnet-sdk-8.0-source-built-artifacts-8.0.128-1.1.hum1 (aarch64, x86_64)\n * dotnet-sdk-dbg-8.0-8.0.128-1.1.hum1 (aarch64, x86_64)\n * dotnet-targeting-pack-8.0-8.0.28-1.1.hum1 (aarch64, x86_64)\n * dotnet-templates-8.0-8.0.128-1.1.hum1 (aarch64, x86_64)\n * dotnet8.0-8.0.128-1.1.hum1.src (src)\n\nSecurity Fix(es):\n\ndotnet8.0:\n * CVE-2026-59725\n * CVE-2026-59869",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:37577",
"url": "https://access.redhat.com/errata/RHSA-2026:37577"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59725",
"url": "https://access.redhat.com/security/cve/CVE-2026-59725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59869",
"url": "https://access.redhat.com/security/cve/CVE-2026-59869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39243",
"url": "https://access.redhat.com/security/cve/CVE-2026-39243"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39245",
"url": "https://access.redhat.com/security/cve/CVE-2026-39245"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2020-12265",
"url": "https://access.redhat.com/security/cve/CVE-2020-12265"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_37577.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update",
"tracking": {
"current_release_date": "2026-07-15T15:00:03+00:00",
"generator": {
"date": "2026-07-15T15:00:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.6"
}
},
"id": "RHSA-2026:37577",
"initial_release_date": "2026-07-10T05:14:22+00:00",
"revision_history": [
{
"date": "2026-07-10T05:14:22+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-15T10:52:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-15T15:00:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet8-0-main@aarch64",
"product": {
"name": "dotnet8-0-main@aarch64",
"product_id": "dotnet8-0-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-8.0@8.0.28-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet8-0-main@x86_64",
"product": {
"name": "dotnet8-0-main@x86_64",
"product_id": "dotnet8-0-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aspnetcore-runtime-8.0@8.0.28-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet8-0-main@src",
"product": {
"name": "dotnet8-0-main@src",
"product_id": "dotnet8-0-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet8.0@8.0.128-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet8-0-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:dotnet8-0-main@aarch64"
},
"product_reference": "dotnet8-0-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet8-0-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:dotnet8-0-main@src"
},
"product_reference": "dotnet8-0-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet8-0-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:dotnet8-0-main@x86_64"
},
"product_reference": "dotnet8-0-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39245",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-07-09T22:01:41.172349+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498814"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `decompress` component. An improper path containment check allows a local attacker to perform directory traversal. This vulnerability, when combined with unvalidated symlink creation, enables an attacker to write arbitrary files to directories outside the intended extraction target. This issue bypasses a previous fix for CVE-2020-12265.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decompress: decompress: path traversal via indexOf containment bypass allows arbitrary file write (bypass of CVE-2020-12265 fix)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat\u0027s assessment aligns with the CVSSv3.1 base score of 6.2 (Moderate) published by CVE.org/CISA for this issue. The vulnerable safeMakeDir/indexOf path-containment check described in this CVE exists only in decompress 4.2.1, the final release that addressed the earlier CVE-2020-12265 path traversal issue. The decompress npm package is no longer maintained upstream and no 4.2.2 release was ever published, despite the CVE description referring to a fix in that version. Some Red Hat products bundle much older decompress releases (0.2.5, 3.0.0) that predate this code path entirely and are not affected by this specific issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39245"
},
{
"category": "external",
"summary": "RHBZ#2498814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39245"
},
{
"category": "external",
"summary": "https://github.com/kevva/decompress",
"url": "https://github.com/kevva/decompress"
},
{
"category": "external",
"summary": "https://github.com/kevva/decompress/issues/115",
"url": "https://github.com/kevva/decompress/issues/115"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-12265",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12265"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/decompress",
"url": "https://www.npmjs.com/package/decompress"
}
],
"release_date": "2026-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-10T05:14:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37577"
},
{
"category": "workaround",
"details": "No upstream fix is available. The decompress package is unmaintained and no 4.2.2 release was ever published. Applications should avoid extracting untrusted archives with decompress 4.2.1, or migrate to a maintained fork such as @xhmikosr/decompress.",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "decompress: decompress: path traversal via indexOf containment bypass allows arbitrary file write (bypass of CVE-2020-12265 fix)"
},
{
"cve": "CVE-2026-59725",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-07-08T16:01:21.270461+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498118"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Socket.IO, specifically within the Engine.IO protocol v4 polling transport. An unauthenticated attacker can exploit this vulnerability by sending invalid binary POST requests with a Content-Type of application/octet-stream. This improper handling of requests prevents the HTTP response from being properly closed, which can lead to the exhaustion of server-side connections and sockets. The primary consequence is a Denial of Service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "socket.io: engine.io: Socket.IO: Denial of Service via invalid binary POST requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been rated as Important. An unauthenticated remote attacker can exploit a vulnerability in the Engine.IO protocol v4 polling transport of Socket.IO by sending malformed binary POST requests. This can lead to server-side connection exhaustion and a denial of service, impacting the availability of applications utilizing Socket.IO.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59725"
},
{
"category": "external",
"summary": "RHBZ#2498118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498118"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59725",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59725"
},
{
"category": "external",
"summary": "https://github.com/socketio/socket.io/commit/fc11285e14964c2132d122164bf130c355f60671",
"url": "https://github.com/socketio/socket.io/commit/fc11285e14964c2132d122164bf130c355f60671"
},
{
"category": "external",
"summary": "https://github.com/socketio/socket.io/releases/tag/engine.io@6.6.7",
"url": "https://github.com/socketio/socket.io/releases/tag/engine.io@6.6.7"
},
{
"category": "external",
"summary": "https://github.com/socketio/socket.io/security/advisories/GHSA-r635-g3xr-vw7x",
"url": "https://github.com/socketio/socket.io/security/advisories/GHSA-r635-g3xr-vw7x"
}
],
"release_date": "2026-07-08T15:37:52.293000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-10T05:14:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37577"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "socket.io: engine.io: Socket.IO: Denial of Service via invalid binary POST requests"
},
{
"cve": "CVE-2026-59869",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-07-08T16:01:38.408322+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml: Denial of Service via crafted YAML documents",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important. Red Hat products utilizing `js-yaml` to process untrusted YAML input are susceptible to a denial of service, as a remote attacker can provide a crafted document that consumes excessive CPU resources. This is considered Important due to the potential for service disruption without requiring authentication or complex attack vectors.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59869"
},
{
"category": "external",
"summary": "RHBZ#2498122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59869",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59869"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/24f13e79ee1343a7e30bd6f6c9d9cdbf0ac9b2b7",
"url": "https://github.com/nodeca/js-yaml/commit/24f13e79ee1343a7e30bd6f6c9d9cdbf0ac9b2b7"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/59423c6f8cdc78742ac00e25a4dd39ef16b702e4",
"url": "https://github.com/nodeca/js-yaml/commit/59423c6f8cdc78742ac00e25a4dd39ef16b702e4"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/releases/tag/3.15.0",
"url": "https://github.com/nodeca/js-yaml/releases/tag/3.15.0"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/releases/tag/4.3.0",
"url": "https://github.com/nodeca/js-yaml/releases/tag/4.3.0"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-52cp-r559-cp3m",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-52cp-r559-cp3m"
}
],
"release_date": "2026-07-08T15:15:54.675000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-10T05:14:22+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37577"
},
{
"category": "workaround",
"details": "To reduce exposure, restrict the processing of untrusted YAML documents by applications that rely on `js-yaml`. Implement robust input validation and sanitization for all YAML data originating from external or untrusted sources. Consider limiting network access to services that parse YAML content to trusted networks or clients through appropriate firewall configurations.",
"product_ids": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:dotnet8-0-main@aarch64",
"Red Hat Hardened Images:dotnet8-0-main@src",
"Red Hat Hardened Images:dotnet8-0-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "js-yaml: js-yaml: Denial of Service via crafted YAML documents"
}
]
}
RHSA-2026:40262
Vulnerability from csaf_redhat - Published: 2026-07-15 19:14 - Updated: 2026-07-15 20:41A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode (Internationalized Domain Name - IDN) hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when applications use fast-uri to enforce these policies before passing the URL to another parser. A remote attacker could exploit this to circumvent security controls and potentially access unauthorized resources or perform malicious redirects.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. The Verify() method, responsible for FIDO/U2F security key types, did not properly check for user presence. This allowed signatures to be accepted without requiring a physical touch on the hardware security key. As a result, an attacker could potentially use a hardware security key in an unattended manner, bypassing a critical security control designed to ensure user intent.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the unrestricted use of the key on the remote host. This vulnerability could enable an attacker to bypass intended security controls and perform unauthorized actions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in Prometheus, an open-source monitoring system. The `client_secret` field within the Azure Active Directory (AD) remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access to the `/-/config` HTTP API endpoint to view the Azure OAuth client secret in plaintext. This vulnerability leads to information disclosure, potentially compromising the security of integrated Azure AD services.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint (`/api/v1/read`) by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service (DoS) by crashing the Prometheus process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in the `sanitize-html` library. Under its default configuration, an attacker can embed malicious content within a disallowed `xmp` element. This vulnerability allows the attacker to bypass the HTML sanitization process, leading to stored Cross-Site Scripting (XSS). Successful exploitation can result in arbitrary code execution or information disclosure when a user views the affected content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in the `decode-uri-component` library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by submitting specially crafted input. The `decode()` function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can lead to the application becoming unresponsive and unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could send specially crafted inputs to the AES-GCM packet decoder. This could lead to an incorrectly placed cast from bytes to an integer, causing a server-side panic and resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.24 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.24",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:40262",
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-12143",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-13676",
"url": "https://access.redhat.com/security/cve/CVE-2026-13676"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32591",
"url": "https://access.redhat.com/security/cve/CVE-2026-32591"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39820",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39828",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39829",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39830",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39831",
"url": "https://access.redhat.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39832",
"url": "https://access.redhat.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39835",
"url": "https://access.redhat.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42151",
"url": "https://access.redhat.com/security/cve/CVE-2026-42151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42154",
"url": "https://access.redhat.com/security/cve/CVE-2026-42154"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42499",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42508",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44990",
"url": "https://access.redhat.com/security/cve/CVE-2026-44990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45822",
"url": "https://access.redhat.com/security/cve/CVE-2026-45822"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-46597",
"url": "https://access.redhat.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_40262.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.24",
"tracking": {
"current_release_date": "2026-07-15T20:41:58+00:00",
"generator": {
"date": "2026-07-15T20:41:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.6"
}
},
"id": "RHSA-2026:40262",
"initial_release_date": "2026-07-15T19:14:30+00:00",
"revision_history": [
{
"date": "2026-07-15T19:14:30+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-15T19:14:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-15T20:41:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1783750582"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1783748318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Acac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1783749906"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1783748068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1783748468"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1783747952"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ae7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1783747905"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1784129592"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1783748131"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1784125838"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ae4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1783748318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1783748068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ab6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1783747952"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1783747905"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1783748131"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1784125838"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ac51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1783748318"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1783748068"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Afdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1783747952"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1783747905"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1783748131"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1784125838"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-12143",
"cwe": {
"id": "CWE-93",
"name": "Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)"
},
"discovery_date": "2026-06-12T19:00:57.360953+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488480"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return (CR), line feed (LF), or double-quote (\") characters into the `field` argument of `FormData#append` or the `filename` option. This allows the attacker to inject additional headers or smuggle entire additional multipart parts into requests, potentially enabling them to add or override form fields and compromise data integrity.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "form-data: form-data: Form field override via CRLF injection",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important impact flaw in the form-data library: a remote attacker can inject arbitrary headers or additional multipart parts via CRLF injection in field names or filenames, potentially overriding sensitive form fields and affecting data integrity.\n\nFor RHOAI and RHEL AI, severity is Moderate because affected versions appear only as a transitive npm dependency in RHOAI (dashboard, mod-arch plugins, MLflow UI) and RHEL AI 3.4 bootc images, and those products use fixed field names for uploads rather than passing untrusted user input as multipart field names or filenames. The documented exploit path is therefore not reachable in default deployments. Practical impact is limited to non-default or custom integrations that forward multipart requests using attacker-controlled field names.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-12143"
},
{
"category": "external",
"summary": "RHBZ#2488480",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488480"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-12143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-12143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12143"
},
{
"category": "external",
"summary": "https://cwe.mitre.org/data/definitions/93.html",
"url": "https://cwe.mitre.org/data/definitions/93.html"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435",
"url": "https://github.com/form-data/form-data/commit/64190db548c0179e37206858e39f27cf513e9435"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229",
"url": "https://github.com/form-data/form-data/commit/be3f3cf553978bac15a5182f1f3c3d2d38ccf229"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045",
"url": "https://github.com/form-data/form-data/commit/c7133499c2ee1b80c678e411244f4442bf902045"
},
{
"category": "external",
"summary": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx",
"url": "https://github.com/form-data/form-data/security/advisories/GHSA-hmw2-7cc7-3qxx"
},
{
"category": "external",
"summary": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data",
"url": "https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#multipart-form-data"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/form-data",
"url": "https://www.npmjs.com/package/form-data"
}
],
"release_date": "2026-06-12T18:01:30.362000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Applications using the `form-data` library should implement strict input validation and sanitization for all field names and filenames derived from untrusted sources. This prevents the injection of control characters (CR, LF, \") that could lead to header injection or form field overrides. Deployments that exclusively use fixed or trusted field names are not impacted.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "form-data: form-data: Form field override via CRLF injection"
},
{
"cve": "CVE-2026-13676",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-06-29T14:01:55.592330+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494197"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-uri. This vulnerability occurs because fast-uri fails to properly convert Unicode (Internationalized Domain Name - IDN) hostnames for HTTP-family URLs. This can lead to a situation where security policies, such as denylists or redirect validations, are bypassed when applications use fast-uri to enforce these policies before passing the URL to another parser. A remote attacker could exploit this to circumvent security controls and potentially access unauthorized resources or perform malicious redirects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-uri: fast-uri: Security policy bypass due to improper Unicode hostname canonicalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in `fast-uri` allows a remote attacker to bypass host-based security policies. Applications that rely on `fast-uri` for URL parsing and policy enforcement, such as denylists or redirect validations, can be circumvented due to inconsistent handling of Unicode hostnames. This discrepancy between `fast-uri` and other URL parsers could lead to unauthorized resource access or malicious redirects in affected Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-13676"
},
{
"category": "external",
"summary": "RHBZ#2494197",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494197"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-13676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-13676"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-13676",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13676"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-4c8g-83qw-93j6",
"url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-4c8g-83qw-93j6"
}
],
"release_date": "2026-06-29T13:22:44.674000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-uri: fast-uri: Security policy bypass due to improper Unicode hostname canonicalization"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32591",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-03-12T15:09:38.210000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446965"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the specified registry hostname without verifying that it points to a legitimate external service. An attacker with organization administrator privileges could supply a crafted hostname to force the Quay server to make requests to internal network services, cloud infrastructure endpoints, or other resources that should not be accessible from the Quay application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires the attacker to be authenticated as an organization administrator.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32591"
},
{
"category": "external",
"summary": "RHBZ#2446965",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446965"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32591",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32591"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32591",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32591"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration"
},
{
"cve": "CVE-2026-39820",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-05-07T20:01:27.800929+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467820"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package of the Go programming language. An attacker could provide specially crafted inputs to the `ParseAddress`, `ParseAddressList`, or `ParseDate` functions. This could lead to excessive consumption of CPU and memory resources, resulting in a Denial of Service (DoS) for applications processing these inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net/mail` package. Applications processing untrusted email inputs via `ParseAddress`, `ParseAddressList`, or `ParseDate` functions are susceptible to excessive resource consumption, which can lead to service unavailability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39820"
},
{
"category": "external",
"summary": "RHBZ#2467820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467820"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39820",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39820"
},
{
"category": "external",
"summary": "https://go.dev/cl/759940",
"url": "https://go.dev/cl/759940"
},
{
"category": "external",
"summary": "https://go.dev/issue/78566",
"url": "https://go.dev/issue/78566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4986",
"url": "https://pkg.go.dev/vuln/GO-2026-4986"
}
],
"release_date": "2026-05-07T19:41:19.854000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: Go net/mail: Denial of Service via crafted email inputs"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39828",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:46.775641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important security flaw in the `golang.org/x/crypto/ssh` library. When an SSH server utilizing this library is configured with specific authentication callbacks that return a `PartialSuccessError` with non-nil permissions, an attacker could bypass intended certificate restrictions, such as `force-command`. This bypass could lead to unauthorized command execution or access on affected Red Hat systems configured with multi-factor authentication and certificate-based access controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "RHBZ#2480687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://go.dev/cl/781621",
"url": "https://go.dev/cl/781621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79562",
"url": "https://go.dev/issue/79562"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5014",
"url": "https://pkg.go.dev/vuln/GO-2026-5014"
}
],
"release_date": "2026-05-22T02:31:26.883000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions"
},
{
"cve": "CVE-2026-39829",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-22T04:01:30.092249+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in golang.org/x/crypto/ssh is rated as Important. An unauthenticated remote attacker could trigger a denial of service by providing a specially crafted public key with excessively large parameters during SSH public key authentication. This could lead to prolonged CPU consumption on the server, impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "RHBZ#2480681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://go.dev/cl/781641",
"url": "https://go.dev/cl/781641"
},
{
"category": "external",
"summary": "https://go.dev/cl/781661",
"url": "https://go.dev/cl/781661"
},
{
"category": "external",
"summary": "https://go.dev/issue/79565",
"url": "https://go.dev/issue/79565"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5018",
"url": "https://pkg.go.dev/vuln/GO-2026-5018"
}
],
"release_date": "2026-05-22T02:31:27.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters"
},
{
"cve": "CVE-2026-39830",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-05-22T04:01:38.517202+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection\u0027s read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh`. A remote, unauthenticated attacker can exploit this vulnerability by sending unsolicited global request responses to an affected SSH server, leading to resource exhaustion and a denial of service. The impact is considered Important due to the potential for unauthenticated remote disruption of services utilizing the vulnerable SSH library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "RHBZ#2480684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39830",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://go.dev/cl/781640",
"url": "https://go.dev/cl/781640"
},
{
"category": "external",
"summary": "https://go.dev/cl/781664",
"url": "https://go.dev/cl/781664"
},
{
"category": "external",
"summary": "https://go.dev/issue/79564",
"url": "https://go.dev/issue/79564"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5017",
"url": "https://pkg.go.dev/vuln/GO-2026-5017"
}
],
"release_date": "2026-05-22T02:31:27.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the `golang.org/x/crypto/ssh` library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses"
},
{
"cve": "CVE-2026-39831",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-22T04:01:12.861178+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480675"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The Verify() method, responsible for FIDO/U2F security key types, did not properly check for user presence. This allowed signatures to be accepted without requiring a physical touch on the hardware security key. As a result, an attacker could potentially use a hardware security key in an unattended manner, bypassing a critical security control designed to ensure user intent.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "RHBZ#2480675",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480675"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39831",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39831"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39831",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39831"
},
{
"category": "external",
"summary": "https://go.dev/cl/781662",
"url": "https://go.dev/cl/781662"
},
{
"category": "external",
"summary": "https://go.dev/issue/79566",
"url": "https://go.dev/issue/79566"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5019",
"url": "https://pkg.go.dev/vuln/GO-2026-5019"
}
],
"release_date": "2026-05-22T02:31:27.436000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Security key bypass due to missing user presence check"
},
{
"cve": "CVE-2026-39832",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:41.402561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480685"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the unrestricted use of the key on the remote host. This vulnerability could enable an attacker to bypass intended security controls and perform unauthorized actions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in `golang.org/x/crypto/ssh/agent` allows for a security bypass when SSH keys with destination restrictions are forwarded via an SSH agent. This flaw could lead to unintended exposure of SSH keys, enabling an attacker to use the forwarded key without the specified restrictions on remote hosts. Red Hat products utilizing `golang.org/x/crypto/ssh/agent` for key forwarding may be affected if users rely on constraint extensions for limiting key usage.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "RHBZ#2480685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39832",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39832"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39832",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39832"
},
{
"category": "external",
"summary": "https://go.dev/cl/778642",
"url": "https://go.dev/cl/778642"
},
{
"category": "external",
"summary": "https://go.dev/issue/79435",
"url": "https://go.dev/issue/79435"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5006",
"url": "https://pkg.go.dev/vuln/GO-2026-5006"
}
],
"release_date": "2026-05-22T02:31:26.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions"
},
{
"cve": "CVE-2026-39835",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-22T04:01:27.279943+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480680"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh` affecting SSH servers that utilize `CertChecker` as a public key callback without explicitly configuring `IsUserAuthority` or `IsHostAuthority`. A remote, unauthenticated attacker can trigger a server panic by presenting a specially crafted certificate, leading to service disruption. Exploitation requires a specific, non-default configuration of the `CertChecker`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "RHBZ#2480680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480680"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835"
},
{
"category": "external",
"summary": "https://go.dev/cl/781660",
"url": "https://go.dev/cl/781660"
},
{
"category": "external",
"summary": "https://go.dev/issue/79563",
"url": "https://go.dev/issue/79563"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5015",
"url": "https://pkg.go.dev/vuln/GO-2026-5015"
}
],
"release_date": "2026-05-22T02:31:26.982000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate"
},
{
"cve": "CVE-2026-42151",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"discovery_date": "2026-05-04T19:02:26.983660+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Prometheus, an open-source monitoring system. The `client_secret` field within the Azure Active Directory (AD) remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access to the `/-/config` HTTP API endpoint to view the Azure OAuth client secret in plaintext. This vulnerability leads to information disclosure, potentially compromising the security of integrated Azure AD services.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important information disclosure flaw in Prometheus affects instances configured to use Azure AD remote write with OAuth authentication. The client secret, intended to be a secure credential, is exposed in plaintext through the `/-/config` HTTP API endpoint. This could allow an attacker with access to this endpoint to retrieve the secret, potentially compromising integrated Azure AD services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42151"
},
{
"category": "external",
"summary": "RHBZ#2466507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18587",
"url": "https://github.com/prometheus/prometheus/pull/18587"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18590",
"url": "https://github.com/prometheus/prometheus/pull/18590"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj",
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj"
}
],
"release_date": "2026-05-04T18:12:16.917000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API"
},
{
"cve": "CVE-2026-42154",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-04T19:02:19.626646+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466505"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint (`/api/v1/read`) by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service (DoS) by crashing the Prometheus process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Prometheus, allowing an unauthenticated remote attacker to crash the Prometheus process. This could lead to service unavailability in Red Hat products that deploy Prometheus for monitoring, as the remote read endpoint does not properly validate snappy-compressed request lengths.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42154"
},
{
"category": "external",
"summary": "RHBZ#2466505",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466505"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42154"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42154",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42154"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18584",
"url": "https://github.com/prometheus/prometheus/pull/18584"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18585",
"url": "https://github.com/prometheus/prometheus/pull/18585"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm",
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-8rm2-7qqf-34qm"
}
],
"release_date": "2026-05-04T18:13:12.340000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint"
},
{
"cve": "CVE-2026-42499",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2026-05-07T20:00:51.685602+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467809"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net/mail` package within the Go standard library. A remote attacker could provide specially crafted, pathological email addresses. When these malformed email addresses are parsed by the `consumePhrase` function, it can lead to excessive resource consumption due to quadratic string concatenation, resulting in a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `net/mail` package of the Go standard library. A remote attacker can exploit this flaw by sending specially crafted email addresses, leading to excessive resource consumption and a denial of service in Go applications that parse email addresses using the affected library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42499"
},
{
"category": "external",
"summary": "RHBZ#2467809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467809"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42499",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42499"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42499"
},
{
"category": "external",
"summary": "https://go.dev/cl/771520",
"url": "https://go.dev/cl/771520"
},
{
"category": "external",
"summary": "https://go.dev/issue/78987",
"url": "https://go.dev/issue/78987"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4977",
"url": "https://pkg.go.dev/vuln/GO-2026-4977"
}
],
"release_date": "2026-05-07T19:41:18.615000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/mail: golang: net/mail: Denial of Service via pathological email address parsing"
},
{
"cve": "CVE-2026-42508",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-22T04:01:49.515058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480688"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh/knownhosts. This vulnerability occurs because the system did not correctly check for the revocation status of a SignatureKey belonging to a Certificate Authority (CA). A remote attacker could potentially exploit this by presenting a revoked key, leading to the system accepting it as valid. This could allow an attacker to bypass security checks and potentially gain unauthorized access or spoof legitimate entities.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in `golang.org/x/crypto/ssh/knownhosts` allows a remote attacker to bypass security checks. This vulnerability arises because the system fails to properly verify the revocation status of a Certificate Authority (CA) `SignatureKey`. In Red Hat environments, this could enable an attacker to present a revoked key, leading to its acceptance as valid and potentially granting unauthorized access or facilitating the spoofing of legitimate entities.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "RHBZ#2480688",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480688"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42508"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42508"
},
{
"category": "external",
"summary": "https://go.dev/cl/781220",
"url": "https://go.dev/cl/781220"
},
{
"category": "external",
"summary": "https://go.dev/issue/79568",
"url": "https://go.dev/issue/79568"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5021",
"url": "https://pkg.go.dev/vuln/GO-2026-5021"
}
],
"release_date": "2026-05-22T02:31:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey"
},
{
"cve": "CVE-2026-44486",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:30.944384+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487947"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in the Axios Node.js HTTP adapter. Red Hat products utilizing Axios in a Node.js environment with an authenticated proxy and automatic redirects enabled are susceptible. The vulnerability arises when a request, initially sent through an authenticated proxy, is redirected to a target that no longer uses the proxy, potentially leaking `Proxy-Authorization` headers containing sensitive credentials to an untrusted remote server. This risk is heightened in deployments where applications interact with untrusted HTTP origins.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44486"
},
{
"category": "external",
"summary": "RHBZ#2487947",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
"url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
}
],
"release_date": "2026-06-11T15:39:07.714000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
},
{
"cve": "CVE-2026-44487",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-06-11T17:01:34.091476+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important information disclosure flaw in Axios affecting Node.js environments. When an application uses Axios with an authenticated HTTP proxy and follows redirects from an HTTP to a non-proxied HTTPS destination, the Proxy-Authorization header may be inadvertently sent to the final origin server. This could lead to the exposure of sensitive proxy credentials to an unintended third party.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44487"
},
{
"category": "external",
"summary": "RHBZ#2487948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
"url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
}
],
"release_date": "2026-06-11T15:38:25.150000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
},
{
"cve": "CVE-2026-44488",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-11T17:01:36.836488+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487949"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A denial of service flaw was found in Axios, a JavaScript HTTP client library. This issue arises when applications utilize the `fetch` adapter, as configured request and response size limits are not properly enforced. A remote attacker could exploit this by sending or receiving excessively large data bodies, leading to resource exhaustion and potential denial of service in affected server-side applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44488"
},
{
"category": "external",
"summary": "RHBZ#2487949",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
}
],
"release_date": "2026-06-11T15:37:38.013000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
},
{
"cve": "CVE-2026-44492",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-11T17:00:56.761751+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Axios, a JavaScript HTTP client library, that allows for a proxy bypass. When a `NO_PROXY` environment variable is configured to prevent direct connections to specific IPv4 addresses, an attacker can craft a request URL using the IPv4-mapped IPv6 address format. This bypasses the intended `NO_PROXY` exclusion, routing the request through the configured proxy and potentially exposing internal services or sensitive information, such as cloud instance metadata credentials.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44492"
},
{
"category": "external",
"summary": "RHBZ#2487938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
}
],
"release_date": "2026-06-11T15:29:13.890000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
},
{
"cve": "CVE-2026-44494",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:01:12.945664+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487942"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in the Axios library allows an attacker to escalate existing prototype pollution vulnerabilities within an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. By injecting a malicious proxy configuration into the `Object.prototype`, an attacker can intercept, read, and modify all HTTP traffic, including sensitive authentication credentials, without direct user interaction. This poses a significant risk to data confidentiality and integrity in Red Hat products that utilize the Axios library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44494"
},
{
"category": "external",
"summary": "RHBZ#2487942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
"url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
}
],
"release_date": "2026-06-11T15:32:03.155000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
},
{
"cve": "CVE-2026-44495",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-06-11T17:00:53.999811+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487937"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in Axios, a promise-based HTTP client, can lead to information disclosure, including credential theft and response hijacking, or denial of service. Exploitation requires a separate prototype pollution vulnerability in the same JavaScript process, allowing an attacker to control `Object.prototype.transformResponse`. Red Hat products using affected Axios versions are at risk if another component introduces such pollution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44495"
},
{
"category": "external",
"summary": "RHBZ#2487937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
}
],
"release_date": "2026-06-11T15:33:12.433000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
},
{
"cve": "CVE-2026-44990",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-06-12T21:02:24.911971+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2488565"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `sanitize-html` library. Under its default configuration, an attacker can embed malicious content within a disallowed `xmp` element. This vulnerability allows the attacker to bypass the HTML sanitization process, leading to stored Cross-Site Scripting (XSS). Successful exploitation can result in arbitrary code execution or information disclosure when a user views the affected content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sanitize-html: `sanitize-html`: Stored Cross-Site Scripting via HTML sanitizer bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw. The `sanitize-html` library, used in Red Hat products, is susceptible to a stored Cross-Site Scripting (XSS) bypass. Malicious content within a disallowed `xmp` element can be rendered as live HTML or JavaScript due to a sanitizer bypass in the default configuration. This can lead to arbitrary code execution or information disclosure when affected content is viewed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44990"
},
{
"category": "external",
"summary": "RHBZ#2488565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2488565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44990"
},
{
"category": "external",
"summary": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643",
"url": "https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-rpr9-rxv7-x643"
}
],
"release_date": "2026-06-12T20:39:47.065000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sanitize-html: `sanitize-html`: Stored Cross-Site Scripting via HTML sanitizer bypass"
},
{
"cve": "CVE-2026-45822",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-30T09:01:06.468966+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494807"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `decode-uri-component` library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) by submitting specially crafted input. The `decode()` function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can lead to the application becoming unresponsive and unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "decode-uri-component: decode-uri-component: Denial of Service via crafted input",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A denial of service flaw was found in the decode-uri-component npm package. The decode() function exhibits super-linear time complexity when processing input containing many percent-encoded sequences, allowing an attacker to cause significant CPU consumption and event-loop blocking. In Red Hat products where this package is bundled (OpenShift Console, Quay, Pipelines, RHOAI, and others), exploitation requires that attacker-controlled input containing crafted percent-encoded strings reaches the decode() function without prior length validation. Red Hat rates this as Moderate severity since the impact is limited to availability with no confidentiality or integrity impact, consistent with the CNA\u0027s CVSS 4.0 assessment of 6.6 Medium.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45822"
},
{
"category": "external",
"summary": "RHBZ#2494807",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494807"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45822",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45822"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45822",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45822"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/blob/00662938dc7c6241547ae8abce7785cc13ffd3f6/index.js",
"url": "https://github.com/SamVerschueren/decode-uri-component/blob/00662938dc7c6241547ae8abce7785cc13ffd3f6/index.js"
},
{
"category": "external",
"summary": "https://github.com/SamVerschueren/decode-uri-component/commit/fa479dafeede7bedf04e5c89aa78f2a78c664005",
"url": "https://github.com/SamVerschueren/decode-uri-component/commit/fa479dafeede7bedf04e5c89aa78f2a78c664005"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/decode-uri-component",
"url": "https://www.npmjs.com/package/decode-uri-component"
}
],
"release_date": "2026-06-30T08:05:36.399000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Validate and limit the length of any user-controlled input before passing it to decode-uri-component\u0027s decode() function. Inputs containing more than approximately 200 percent-encoded tokens (e.g. \u0027%ab\u0027 sequences) can trigger noticeable delays. Reject or truncate URI components exceeding a reasonable length threshold before decoding. A fix exists in the upstream repository (commit fa479daf) but has not yet been included in an npm release.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "decode-uri-component: decode-uri-component: Denial of Service via crafted input"
},
{
"cve": "CVE-2026-46597",
"cwe": {
"id": "CWE-681",
"name": "Incorrect Conversion between Numeric Types"
},
"discovery_date": "2026-05-22T04:01:21.721980+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480678"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could send specially crafted inputs to the AES-GCM packet decoder. This could lead to an incorrectly placed cast from bytes to an integer, causing a server-side panic and resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important denial of service flaw in `golang.org/x/crypto/ssh` allows a remote attacker to trigger a server-side panic by sending specially crafted inputs to the AES-GCM packet decoder. This vulnerability could lead to service unavailability in Red Hat products that incorporate and expose SSH services built with the affected `golang.org/x/crypto/ssh` component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "RHBZ#2480678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-46597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-46597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-46597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46597"
},
{
"category": "external",
"summary": "https://go.dev/cl/781620",
"url": "https://go.dev/cl/781620"
},
{
"category": "external",
"summary": "https://go.dev/issue/79561",
"url": "https://go.dev/issue/79561"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5013",
"url": "https://pkg.go.dev/vuln/GO-2026-5013"
}
],
"release_date": "2026-05-22T02:31:26.754000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-15T19:14:30+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:40262"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:381f3af2c038cb3a0d14191c1a541cc7e9752698ed3980dcd33ee91ef3752517_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:70cf72dcdc1e02b7c7958673e95b92503354c5e5475a1e4fc7ae0f5d3c03fbe0_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e7eeb4f9684e32f8199b792630e21f9f13e5efe7a511664d5777dc1a98fc4207_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cac2255c18f3a8d7e67308b07ea5b3ba0317cf2e2911321b9cc4fba45c4b2583_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3994488939804e50e226f273722d2ad3f3b6aaee6c70e52752cbc8affc36bc52_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:54cfdc97172ce2c4cef1c85b5187c3401aee0e1ba272977d099e12f59d5d4d05_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6bd95b42094007001481b27000ead5c252747f1a79fcf0801030593de163ffaf_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8f4be0a96b74ebe660bd28e9cc15ef9cc56428532fae4ad0f04562726dcc7226_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6bdc4472dea000261ce7aa6daa850f5e1253ba716de2a247df997aaf158cf20f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:b6109a8cab187a42f5f9f536fba1be506474eb532ad41d68f937606318e88364_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:fdec2d2556842d4c6cd4feb37243580c6323f16813754aaf02963ba1a23b7e96_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9f2a14e20042280f51bfec86c00ac87a5309c991efc1b8b6f1dd0afb7772c297_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ae9ba588f153ed4ad2e34936867f435cc8271b2858b00c3ce823a773c640a4f6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c51a3f7d6fc2ea1c26ba1ccfaec660d6f76cb3e656f3d1c0702d14338ded96c8_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:e4fcfcd95a0db4d1da19ba16146c51237c83129719c5550977391f2978e62ef3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:2af202af0c417c0b1bebf895cd46b15d4c6daceba48a11217f7c574a01ef5aa0_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:041665ae3ee470107c533393bdf77143d70d020d4670b73b890cbe7794401f62_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:25009b47369d945141850084b0f2f303e72e8137b547de01c7b79c66141a4ad8_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:855d3b6c7ca77ef02aaa029c45e003c80ad9e1f8bd61a7d244ff475b26e6cd98_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:4732513293f2df546416fc805ea717f2b211ebe0fc5a16d8fd2c78c24ad79eba_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:c9f851e253fca208fc6dfe8ce468824ae99dfdeb1f9cfe8cb47706a64562701e_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:f8a741914232bb80b1b3a542ad0ba3392593b4c8f9018a63f11380afdd19ceca_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted AES-GCM packet decoder inputs"
}
]
}
ubuntu-cve-2026-45822
Vulnerability from osv_ubuntu
decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 '%ab' tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-source-map-resolve",
"binary_version": "0.6.0+~cs2.7.3-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "node-source-map-resolve",
"purl": "pkg:deb/ubuntu/node-source-map-resolve@0.6.0+~cs2.7.3-2?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.6.0+~cs2.7.2-2",
"0.6.0+~cs2.7.3-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-source-map-resolve",
"binary_version": "0.6.0+~cs2.7.3-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "node-source-map-resolve",
"purl": "pkg:deb/ubuntu/node-source-map-resolve@0.6.0+~cs2.7.3-2?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.6.0+~cs2.7.3-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-source-map-resolve",
"binary_version": "0.6.0+~cs2.7.3-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "node-source-map-resolve",
"purl": "pkg:deb/ubuntu/node-source-map-resolve@0.6.0+~cs2.7.3-2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.6.0+~cs2.7.3-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-source-map-resolve",
"binary_version": "0.6.0+~cs2.7.3-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "node-source-map-resolve",
"purl": "pkg:deb/ubuntu/node-source-map-resolve@0.6.0+~cs2.7.3-2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.6.0+~cs2.7.3-2"
]
}
],
"aliases": [],
"details": "decode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on \u0027%\u0027 producing N tokens and calls decodeComponents(), exhibiting super-linear parsing time: 200 \u0027%ab\u0027 tokens takes approximately 0.7s, 700 tokens approximately 6s, and 1400 tokens approximately 33s. An attacker can cause significant CPU consumption and event-loop blocking via crafted input.",
"id": "UBUNTU-CVE-2026-45822",
"modified": "2026-07-01T21:24:53Z",
"published": "2026-06-30T09:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-45822"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45822"
},
{
"type": "REPORT",
"url": "https://github.com/SamVerschueren/decode-uri-component/blob/00662938dc7c6241547ae8abce7785cc13ffd3f6/index.js"
},
{
"type": "REPORT",
"url": "https://github.com/SamVerschueren/decode-uri-component/commit/fa479dafeede7bedf04e5c89aa78f2a78c664005"
},
{
"type": "REPORT",
"url": "https://www.npmjs.com/package/decode-uri-component"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:Y/R:U/V:D/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-45822"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.