Vulnerability-Lookup

CVE-2026-26007 (GCVE-0-2026-26007)

Vulnerability from cvelistv5 – Published: 2026-02-10 21:42 – Updated: 2026-02-11 21:28

Title

cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Summary

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.

Severity ?

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-345 - Insufficient Verification of Data Authenticity

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	pyca	cryptography	Affected: < 46.0.5

GHSA-R6PH-V2QM-Q3C2

Vulnerability from github – Published: 2026-02-10 21:27 – Updated: 2026-02-11 14:14

Summary

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves

Details

Vulnerability Summary

The public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve.

This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup.

Only SECT curves are impacted by this.

Credit

This vulnerability was discovered by: - XlabAI Team of Tencent Xuanwu Lab - Atuin Automated Vulnerability Discovery Engine

Severity ?

8.2 (High)


                  
                    CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 46.0.4"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "cryptography"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "46.0.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-26007"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-10T21:27:06Z",
    "nvd_published_at": "2026-02-10T22:17:00Z",
    "severity": "HIGH"
  },
  "details": "## Vulnerability Summary\n\nThe `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `EllipticCurvePublicNumbers.public_key()`, `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve.\n\nThis missing validation allows an attacker to provide a public key point `P` from a small-order subgroup.  This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH,  this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor \u003e 1, this reveals the least significant bits of the private key.  When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup.\n\nOnly SECT curves are impacted by this.\n\n## Credit\n\nThis vulnerability was discovered by:\n- XlabAI Team of Tencent Xuanwu Lab\n- Atuin Automated Vulnerability Discovery Engine",
  "id": "GHSA-r6ph-v2qm-q3c2",
  "modified": "2026-02-11T14:14:19Z",
  "published": "2026-02-10T21:27:06Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pyca/cryptography"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pyca/cryptography/releases/tag/46.0.5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/02/10/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
}

FKIE_CVE-2026-26007

Vulnerability from fkie_nvd - Published: 2026-02-10 22:17 - Updated: 2026-02-11 15:27

Severity ?

8.2 (High) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c
	security-advisories@github.com	https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2
	af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2026/02/10/4

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5."
    }
  ],
  "id": "CVE-2026-26007",
  "lastModified": "2026-02-11T15:27:26.370",
  "metrics": {
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "HIGH",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2026-02-10T22:17:00.307",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2026/02/10/4"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

RHSA-2026:2694

Vulnerability from csaf_redhat - Published: 2026-02-12 22:32 - Updated: 2026-02-13 19:43

Summary

Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage

Notes

Topic

A Subscription Management tool for finding and reporting Red Hat product usage

Details

Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A Subscription Management tool for finding and reporting Red Hat product usage",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:2694",
        "url": "https://access.redhat.com/errata/RHSA-2026:2694"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
        "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-14550",
        "url": "https://access.redhat.com/security/cve/CVE-2025-14550"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-1207",
        "url": "https://access.redhat.com/security/cve/CVE-2026-1207"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-1285",
        "url": "https://access.redhat.com/security/cve/CVE-2026-1285"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-1287",
        "url": "https://access.redhat.com/security/cve/CVE-2026-1287"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-1312",
        "url": "https://access.redhat.com/security/cve/CVE-2026-1312"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-22029",
        "url": "https://access.redhat.com/security/cve/CVE-2026-22029"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
        "url": "https://access.redhat.com/security/cve/CVE-2026-24049"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
        "url": "https://access.redhat.com/security/cve/CVE-2026-25639"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
        "url": "https://access.redhat.com/security/cve/CVE-2026-26007"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
        "url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2694.json"
      }
    ],
    "title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
    "tracking": {
      "current_release_date": "2026-02-13T19:43:40+00:00",
      "generator": {
        "date": "2026-02-13T19:43:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.1"
        }
      },
      "id": "RHSA-2026:2694",
      "initial_release_date": "2026-02-12T22:32:47+00:00",
      "revision_history": [
        {
          "date": "2026-02-12T22:32:47+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-12T22:32:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-02-13T19:43:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Discovery 2",
                "product": {
                  "name": "Red Hat Discovery 2",
                  "product_id": "Red Hat Discovery 2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:discovery:2::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Discovery"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
                  "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256%3Af5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913597"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
                  "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae?arch=amd64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913709"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
                  "product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-server-rhel9@sha256%3Acdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913597"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
                "product": {
                  "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
                  "product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/discovery-ui-rhel9@sha256%3A2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4?arch=arm64\u0026repository_url=registry.redhat.io/discovery\u0026tag=1770913709"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64 as a component of Red Hat Discovery 2",
          "product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        },
        "product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64",
        "relates_to_product_reference": "Red Hat Discovery 2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-13465",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "discovery_date": "2026-01-21T20:01:28.774829+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431740"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "lodash: prototype pollution in _.unset and _.omit functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431740",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
        },
        {
          "category": "external",
          "summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
          "url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
        }
      ],
      "release_date": "2026-01-21T19:05:28.846000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "lodash: prototype pollution in _.unset and _.omit functions"
    },
    {
      "cve": "CVE-2025-14550",
      "cwe": {
        "id": "CWE-167",
        "name": "Improper Handling of Additional Special Element"
      },
      "discovery_date": "2026-02-03T15:01:12.970018+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. A remote attacker can exploit this vulnerability by sending a crafted request containing multiple duplicate headers to the ASGIRequest component. This can lead to a potential Denial of Service (DoS), making the affected system unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: Denial of Service via crafted request with duplicate headers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This MODERATE impact denial-of-service flaw in Django affects Red Hat products utilizing the ASGIRequest component, such as Red Hat Ansible Automation Platform, Red Hat Discovery, and Red Hat Satellite. A remote attacker could send specially crafted requests containing duplicate headers, potentially rendering the affected system unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-14550"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-14550",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14550"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14550"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:38:15.875000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Django: Django: Denial of Service via crafted request with duplicate headers"
    },
    {
      "cve": "CVE-2026-1207",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2026-02-03T15:00:58.388707+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436338"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on `RasterField` (only implemented on PostGIS). This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: SQL Injection via RasterField band index parameter",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT flaw affects Django\u0027s `RasterField` when utilized with PostGIS, allowing remote SQL injection via the band index parameter. Red Hat Ansible Automation Platform, Red Hat Discovery, Red Hat Satellite, Insights, and Ansible Services are impacted if configured to use Django with PostGIS `RasterField` lookups. Successful exploitation could lead to unauthorized data access, modification, or denial of service.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1207"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436338",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436338"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1207"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1207"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:35:33.721000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Django: Django: SQL Injection via RasterField band index parameter"
    },
    {
      "cve": "CVE-2026-1285",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-02-03T15:01:06.283620+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436340"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. A remote attacker can exploit this vulnerability by providing crafted inputs containing a large number of unmatched HTML end tags to the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods (when `html=True`), or through the `truncatechars_html` and `truncatewords_html` template filters. This can lead to a denial-of-service (DoS) condition, making the application unavailable to legitimate users.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: Denial of Service via crafted HTML inputs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is a MODERATE impact denial-of-service flaw in Django. Applications utilizing Django that process untrusted HTML inputs with a large number of unmatched end tags through the `Truncator.chars()` or `Truncator.words()` methods (with `html=True`), or the `truncatechars_html` and `truncatewords_html` template filters, may experience resource exhaustion. This can lead to the application becoming unavailable.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1285"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436340",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436340"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1285"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1285"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:35:50.254000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, applications utilizing Django should avoid processing untrusted HTML content through the `django.utils.text.Truncator.chars()` and `Truncator.words()` methods with `html=True`, or the `truncatechars_html` and `truncatewords_html` template filters. Restrict the use of these functions to only trusted inputs where the HTML structure is controlled and validated.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Django: Django: Denial of Service via crafted HTML inputs"
    },
    {
      "cve": "CVE-2026-1287",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2026-02-03T15:01:03.441713+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436339"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to `QuerySet` methods like `annotate()` or `values()`, it can lead to the execution of arbitrary SQL commands. This could result in unauthorized access to sensitive data or modification of information within the database.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: SQL Injection via crafted column aliases",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT SQL injection flaw in Django allows a remote attacker to execute arbitrary SQL commands by crafting column aliases. This vulnerability affects Red Hat products that incorporate Django, such as Red Hat Ansible Automation Platform, Red Hat Discovery, Red Hat Satellite, Insights, and Ansible Services, potentially leading to unauthorized data access or modification.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1287"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436339",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436339"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1287",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1287"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1287"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:36:03.630000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Django: Django: SQL Injection via crafted column aliases"
    },
    {
      "cve": "CVE-2026-1312",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2026-02-03T15:01:18.274166+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2436342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Django. A remote attacker could exploit a SQL injection vulnerability in the `.QuerySet.order_by()` method. This occurs when column aliases containing periods are used, and the same alias is also present in `FilteredRelation` via a specially crafted dictionary. Successful exploitation could lead to unauthorized information disclosure or arbitrary code execution within the database.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT vulnerability in Django allows for SQL injection within the `QuerySet.order_by()` method. A remote attacker could exploit this by providing crafted column aliases that include periods, specifically when used with `FilteredRelation`. Successful exploitation may result in unauthorized information disclosure or arbitrary code execution against the underlying database. This affects Red Hat products that integrate Django, such as Red Hat Ansible Automation Platform and Red Hat Satellite.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-1312"
        },
        {
          "category": "external",
          "summary": "RHBZ#2436342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-1312",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-1312"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1312"
        },
        {
          "category": "external",
          "summary": "https://docs.djangoproject.com/en/dev/releases/security/",
          "url": "https://docs.djangoproject.com/en/dev/releases/security/"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/django-announce",
          "url": "https://groups.google.com/g/django-announce"
        },
        {
          "category": "external",
          "summary": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/",
          "url": "https://www.djangoproject.com/weblog/2026/feb/03/security-releases/"
        }
      ],
      "release_date": "2026-02-03T14:36:23.257000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Django: Django: SQL injection via crafted column aliases in QuerySet.order_by()"
    },
    {
      "cve": "CVE-2026-22029",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2026-01-10T04:01:03.694749+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2428412"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "React Router is a router for React. In @remix-run/router version prior to 1.23.2. and react-router 7.0.0 through 7.11.0, React Router (and Remix v1/v2) SPA open navigation redirects originating from loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes can result in unsafe URLs causing unintended javascript execution on the client. This is only an issue if you are creating redirect paths from untrusted content or via an open redirect. There is no impact if Declarative Mode (\u003cBrowserRouter\u003e) is being used. This issue has been patched in @remix-run/router version 1.23.2 and react-router version 7.12.0.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-22029"
        },
        {
          "category": "external",
          "summary": "RHBZ#2428412",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428412"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-22029",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-22029"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22029"
        },
        {
          "category": "external",
          "summary": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx",
          "url": "https://github.com/remix-run/react-router/security/advisories/GHSA-2w69-qvjg-hvjx"
        }
      ],
      "release_date": "2026-01-10T02:42:32.736000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "@remix-run/router: react-router: React Router vulnerable to XSS via Open Redirects"
    },
    {
      "cve": "CVE-2026-24049",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2026-01-22T05:00:54.709179+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2431959"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-24049"
        },
        {
          "category": "external",
          "summary": "RHBZ#2431959",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
        },
        {
          "category": "external",
          "summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
          "url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
        },
        {
          "category": "external",
          "summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
          "url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
        },
        {
          "category": "external",
          "summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
          "url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
        }
      ],
      "release_date": "2026-01-22T04:02:08.706000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
    },
    {
      "cve": "CVE-2026-25639",
      "cwe": {
        "id": "CWE-1287",
        "name": "Improper Validation of Specified Type of Input"
      },
      "discovery_date": "2026-02-09T21:00:49.280114+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2438237"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in 1.13.5.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-25639"
        },
        {
          "category": "external",
          "summary": "RHBZ#2438237",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
          "url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
          "url": "https://github.com/axios/axios/releases/tag/v1.13.5"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
        }
      ],
      "release_date": "2026-02-09T20:11:22.374000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
    },
    {
      "cve": "CVE-2026-26007",
      "cwe": {
        "id": "CWE-354",
        "name": "Improper Validation of Integrity Check Value"
      },
      "discovery_date": "2026-02-10T22:01:01.036116+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2438762"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. This vulnerability is fixed in 46.0.5.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
        ],
        "known_not_affected": [
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
          "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-26007"
        },
        {
          "category": "external",
          "summary": "RHBZ#2438762",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
          "url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
          "url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
        }
      ],
      "release_date": "2026-02-10T21:42:56.471000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-12T22:32:47+00:00",
          "details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:2694"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:cdf9b1062c961f67ee4f5dd3e23b26420517f884a51d2034efacff6847d47b5f_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:f5bc26180f20c635474f48fb7fb1aaf348fb3544db93cc23901ed3fb2662d3a8_amd64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:2ff9787699ff67dab7ee6f300d84651233f499aac8aeee10bfe21381806393c4_arm64",
            "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:95d6b321323773a5a465ef2e83aafd2937cb4b5fe48bd81c7f8996b3b52702ae_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-26007 (GCVE-0-2026-26007)

GHSA-R6PH-V2QM-Q3C2

Vulnerability Summary

Credit

FKIE_CVE-2026-26007

RHSA-2026:2694

Tags

Sightings

Nomenclature