Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-26017 (GCVE-0-2026-26017)
Vulnerability from cvelistv5 – Published: 2026-03-06 15:36 – Updated: 2026-03-06 16:06
VLAI?
EPSS
Title
CoreDNS ACL Bypass
Summary
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.
Severity ?
7.7 (High)
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26017",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T16:06:32.284525Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:06:41.093Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "coredns",
"vendor": "coredns",
"versions": [
{
"status": "affected",
"version": "\u003c 1.14.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T15:36:15.655Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
},
{
"name": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
}
],
"source": {
"advisory": "GHSA-c9v3-4pv7-87pr",
"discovery": "UNKNOWN"
},
"title": "CoreDNS ACL Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26017",
"datePublished": "2026-03-06T15:36:15.655Z",
"dateReserved": "2026-02-09T21:36:29.554Z",
"dateUpdated": "2026-03-06T16:06:41.093Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-26017",
"date": "2026-04-14",
"epss": "0.00059",
"percentile": "0.18364"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-26017\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-06T16:16:10.397\",\"lastModified\":\"2026-03-09T20:31:14.997\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-367\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.14.2\",\"matchCriteriaId\":\"B72A7A10-A05D-47A2-93A8-076E4C944D23\"}]}]}],\"references\":[{\"url\":\"https://github.com/coredns/coredns/releases/tag/v1.14.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-26017\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-06T16:06:32.284525Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-06T16:06:35.183Z\"}}], \"cna\": {\"title\": \"CoreDNS ACL Bypass\", \"source\": {\"advisory\": \"GHSA-c9v3-4pv7-87pr\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"coredns\", \"product\": \"coredns\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.14.2\"}]}], \"references\": [{\"url\": \"https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr\", \"name\": \"https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/coredns/coredns/releases/tag/v1.14.2\", \"name\": \"https://github.com/coredns/coredns/releases/tag/v1.14.2\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-367\", \"description\": \"CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-06T15:36:15.655Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-26017\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-06T16:06:41.093Z\", \"dateReserved\": \"2026-02-09T21:36:29.554Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-06T15:36:15.655Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2026-0627
Vulnerability from csaf_certbund - Published: 2026-03-05 23:00 - Updated: 2026-03-08 23:00Summary
CoreDNS: Mehrere Schwachstellen
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: CoreDNS ist ein DNS server.
Angriff: Ein Angreifer kann mehrere Schwachstellen in CoreDNS ausnutzen, um Sicherheitsvorkehrungen zu umgehen, und um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme: - Linux
- UNIX
References
| URL | Category | |
|---|---|---|
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "CoreDNS ist ein DNS server.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in CoreDNS ausnutzen, um Sicherheitsvorkehrungen zu umgehen, und um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0627 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0627.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0627 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0627"
},
{
"category": "external",
"summary": "CoreDNS GitHub vom 2026-03-05",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
},
{
"category": "external",
"summary": "CoreDNS GitHub vom 2026-03-05",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10297-1 vom 2026-03-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XTKYCU7PQZZIHLVJXWGEMRKJRO3UY3UT/"
}
],
"source_lang": "en-US",
"title": "CoreDNS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-08T23:00:00.000+00:00",
"generator": {
"date": "2026-03-09T08:11:50.433+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0627",
"initial_release_date": "2026-03-05T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-08T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von openSUSE und European Union Vulnerability Database aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.14.2",
"product": {
"name": "Open Source CoreDNS \u003c1.14.2",
"product_id": "T051469"
}
},
{
"category": "product_version",
"name": "1.14.2",
"product": {
"name": "Open Source CoreDNS 1.14.2",
"product_id": "T051469-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:coredns:coredns:1.14.2"
}
}
}
],
"category": "product_name",
"name": "CoreDNS"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26017",
"product_status": {
"known_affected": [
"T027843",
"T051469"
]
},
"release_date": "2026-03-05T23:00:00.000+00:00",
"title": "CVE-2026-26017"
},
{
"cve": "CVE-2026-26018",
"product_status": {
"known_affected": [
"T027843",
"T051469"
]
},
"release_date": "2026-03-05T23:00:00.000+00:00",
"title": "CVE-2026-26018"
}
]
}
FKIE_CVE-2026-26017
Vulnerability from fkie_nvd - Published: 2026-03-06 16:16 - Updated: 2026-03-09 20:31
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/coredns/coredns/releases/tag/v1.14.2 | Product, Release Notes | |
| security-advisories@github.com | https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| coredns.io | coredns | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:coredns.io:coredns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B72A7A10-A05D-47A2-93A8-076E4C944D23",
"versionEndExcluding": "1.14.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2."
},
{
"lang": "es",
"value": "CoreDNS es un servidor DNS que encadena plugins. Antes de la versi\u00f3n 1.14.2, una vulnerabilidad l\u00f3gica en CoreDNS permite que los controles de acceso DNS sean eludidos debido al orden de ejecuci\u00f3n predeterminado de los plugins. Plugins de seguridad como acl son evaluados antes del plugin rewrite, lo que resulta en una falla de Tiempo de Verificaci\u00f3n Tiempo de Uso (TOCTOU). Este problema ha sido parcheado en la versi\u00f3n 1.14.2."
}
],
"id": "CVE-2026-26017",
"lastModified": "2026-03-09T20:31:14.997",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-03-06T16:16:10.397",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
OPENSUSE-SU-2026:10297-1
Vulnerability from csaf_opensuse - Published: 2026-03-07 00:00 - Updated: 2026-03-07 00:00Summary
coredns-1.14.2-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: coredns-1.14.2-1.1 on GA media
Description of the patch: These are all security issues fixed in the coredns-1.14.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10297
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "coredns-1.14.2-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the coredns-1.14.2-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10297",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10297-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26017 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26018 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26018/"
}
],
"title": "coredns-1.14.2-1.1 on GA media",
"tracking": {
"current_release_date": "2026-03-07T00:00:00Z",
"generator": {
"date": "2026-03-07T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10297-1",
"initial_release_date": "2026-03-07T00:00:00Z",
"revision_history": [
{
"date": "2026-03-07T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-1.1.aarch64",
"product": {
"name": "coredns-1.14.2-1.1.aarch64",
"product_id": "coredns-1.14.2-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.14.2-1.1.aarch64",
"product": {
"name": "coredns-extras-1.14.2-1.1.aarch64",
"product_id": "coredns-extras-1.14.2-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-1.1.ppc64le",
"product": {
"name": "coredns-1.14.2-1.1.ppc64le",
"product_id": "coredns-1.14.2-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.14.2-1.1.ppc64le",
"product": {
"name": "coredns-extras-1.14.2-1.1.ppc64le",
"product_id": "coredns-extras-1.14.2-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-1.1.s390x",
"product": {
"name": "coredns-1.14.2-1.1.s390x",
"product_id": "coredns-1.14.2-1.1.s390x"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.14.2-1.1.s390x",
"product": {
"name": "coredns-extras-1.14.2-1.1.s390x",
"product_id": "coredns-extras-1.14.2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "coredns-1.14.2-1.1.x86_64",
"product": {
"name": "coredns-1.14.2-1.1.x86_64",
"product_id": "coredns-1.14.2-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "coredns-extras-1.14.2-1.1.x86_64",
"product": {
"name": "coredns-extras-1.14.2-1.1.x86_64",
"product_id": "coredns-extras-1.14.2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.14.2-1.1.aarch64"
},
"product_reference": "coredns-1.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.14.2-1.1.ppc64le"
},
"product_reference": "coredns-1.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.14.2-1.1.s390x"
},
"product_reference": "coredns-1.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-1.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-1.14.2-1.1.x86_64"
},
"product_reference": "coredns-1.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.2-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.aarch64"
},
"product_reference": "coredns-extras-1.14.2-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.2-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.ppc64le"
},
"product_reference": "coredns-extras-1.14.2-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.2-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.s390x"
},
"product_reference": "coredns-extras-1.14.2-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "coredns-extras-1.14.2-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.x86_64"
},
"product_reference": "coredns-extras-1.14.2-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26017"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw. This issue has been patched in version 1.14.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:coredns-1.14.2-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26017",
"url": "https://www.suse.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "SUSE Bug 1259320 for CVE-2026-26017",
"url": "https://bugzilla.suse.com/1259320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:coredns-1.14.2-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26017"
},
{
"cve": "CVE-2026-26018",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26018"
}
],
"notes": [
{
"category": "general",
"text": "CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS\u0027s loop detection plugin that allows an attacker to crash the DNS server by sending specially crafted DNS queries. The vulnerability stems from the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name, combined with a fatal error handler that terminates the entire process. This issue has been patched in version 1.14.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:coredns-1.14.2-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26018",
"url": "https://www.suse.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "SUSE Bug 1259319 for CVE-2026-26018",
"url": "https://bugzilla.suse.com/1259319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:coredns-1.14.2-1.1.aarch64",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.s390x",
"openSUSE Tumbleweed:coredns-1.14.2-1.1.x86_64",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.aarch64",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.ppc64le",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.s390x",
"openSUSE Tumbleweed:coredns-extras-1.14.2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-07T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26018"
}
]
}
MSRC_CVE-2026-26017
Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-03-14 01:36Summary
CoreDNS ACL Bypass
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.7 (High)
Vendor Fix
1.11.4-15:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
Vendor Fix
1.11.1-26:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade
https://learn.microsoft.com/en-us/azure/azure-lin…
References
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26017 CoreDNS ACL Bypass - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-26017.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "CoreDNS ACL Bypass",
"tracking": {
"current_release_date": "2026-03-14T01:36:50.000Z",
"generator": {
"date": "2026-03-14T07:12:41.872Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-26017",
"initial_release_date": "2026-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-03-08T01:01:21.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-03-09T14:36:34.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-03-11T01:01:14.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-03-14T01:36:50.000Z",
"legacy_version": "4",
"number": "4",
"summary": "Information published."
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 coredns 1.11.4-14",
"product": {
"name": "\u003cazl3 coredns 1.11.4-14",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 coredns 1.11.4-14",
"product": {
"name": "azl3 coredns 1.11.4-14",
"product_id": "20990"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 coredns 1.11.1-25",
"product": {
"name": "\u003ccbl2 coredns 1.11.1-25",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 coredns 1.11.1-25",
"product": {
"name": "cbl2 coredns 1.11.1-25",
"product_id": "20915"
}
}
],
"category": "product_name",
"name": "coredns"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 coredns 1.11.4-14 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 coredns 1.11.4-14 as a component of Azure Linux 3.0",
"product_id": "20990-17084"
},
"product_reference": "20990",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 coredns 1.11.1-25 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 coredns 1.11.1-25 as a component of CBL Mariner 2.0",
"product_id": "20915-17086"
},
"product_reference": "20915",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26017",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20990-17084",
"20915-17086"
],
"known_affected": [
"17084-1",
"17086-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-26017 CoreDNS ACL Bypass - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-26017.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-08T01:01:21.000Z",
"details": "1.11.4-15:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2026-03-08T01:01:21.000Z",
"details": "1.11.1-26:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"temporalScore": 7.7,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"17084-1",
"17086-2"
]
}
],
"title": "CoreDNS ACL Bypass"
}
]
}
RHSA-2026:8151
Vulnerability from csaf_redhat - Published: 2026-04-14 15:55 - Updated: 2026-04-15 11:51Summary
Red Hat Security Advisory: Submariner v0.22 security fixes and container updates
Severity
Important
Notes
Topic: Submariner v0.22 General Availability release images, which provide enhancements, security fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Red Hat Advanced Cluster Management for Kubernetes v2.15
Details: Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.
For more information about Submariner, see the Submariner open source community website at: https://submariner.io/.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
Workaround
To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.
5.3 (Medium)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
7.5 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as 'acl', are evaluated before the 'rewrite' plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.
7.7 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS's loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.
7.5 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
7.5 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
8.1 (High)
Vendor Fix
For release note details, see the upstream Submariner release notes:
https://submariner.io/community/releases/
Downstream-specific issues resolved:
* ACM-28330
* ACM-28332
* ACM-28334
* ACM-28336
* ACM-28338
* ACM-28340
* ACM-28343
* ACM-29328
* ACM-29512
* ACM-29661
* ACM-29662
* ACM-29681
* ACM-29682
* ACM-29683
* ACM-29684
* ACM-29777
* ACM-29801
* ACM-30135
* ACM-30730
* ACM-30731
* ACM-31135
* ACM-31137
* ACM-31861
* ACM-31872
* ACM-31874
* ACM-23783
* ACM-24731
* ACM-24797
* ACM-25518
* ACM-26321
* ACM-26965
* ACM-27273
* ACM-28917
* ACM-30321
* ACM-30640
* ACM-30970
* ACM-8640
For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:
https://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/
https://access.redhat.com/errata/RHSA-2026:8151
Workaround
To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Submariner v0.22 General Availability release images, which provide enhancements, security fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.\nRed Hat Advanced Cluster Management for Kubernetes v2.15",
"title": "Topic"
},
{
"category": "general",
"text": "Submariner is a Kubernetes operator that enables cross-cluster connectivity for services and pods, implementing KEP-1645 (Multi-Cluster Services API). After deploying the Submariner operator, it can enable direct networking between pods and services across different Kubernetes clusters.\n\nFor more information about Submariner, see the Submariner open source community website at: https://submariner.io/.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8151",
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68151",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26017",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26018",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8151.json"
}
],
"title": "Red Hat Security Advisory: Submariner v0.22 security fixes and container updates",
"tracking": {
"current_release_date": "2026-04-15T11:51:56+00:00",
"generator": {
"date": "2026-04-15T11:51:56+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:8151",
"initial_release_date": "2026-04-14T15:55:27+00:00",
"revision_history": [
{
"date": "2026-04-14T15:55:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-14T15:55:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-15T11:51:56+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product": {
"name": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:acm:2.15::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Advanced Cluster Management for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ab54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774084104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3Adb1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774086225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774372741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774085848"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-operator-bundle@sha256%3A39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774565831"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550350"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774332596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3Aff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32?arch=amd64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550357"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3A3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774084104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774086225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774372741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3Ad061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774085848"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3A1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550350"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Ae3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774332596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564?arch=ppc64le\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550357"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ac9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774084104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774086225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3Aa34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774372741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774085848"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3Ad85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550350"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3A93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774332596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b?arch=s390x\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550357"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-agent-rhel9@sha256%3Ad3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774084104"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"product_id": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lighthouse-coredns-rhel9@sha256%3A8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774086225"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"product_id": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/nettest-rhel9@sha256%3A00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774372741"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"product_id": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/subctl-rhel9@sha256%3A6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774085848"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-gateway-rhel9@sha256%3Ac153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550350"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-globalnet-rhel9@sha256%3Aeedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-rhel9-operator@sha256%3A0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774332596"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"product": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"product_id": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/submariner-route-agent-rhel9@sha256%3A09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7?arch=arm64\u0026repository_url=registry.redhat.io/rhacm2\u0026tag=1774550357"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64 as a component of Red Hat Advanced Cluster Management for Kubernetes 2.15",
"product_id": "Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
},
"product_reference": "registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64",
"relates_to_product_reference": "Red Hat Advanced Cluster Management for Kubernetes 2.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2025-68151",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-08T16:01:04.891768+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428009"
}
],
"notes": [
{
"category": "description",
"text": "Multiple CoreDNS server implementations (gRPC, HTTPS, and HTTP/3) lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent connections, streams, or sending oversized request bodies. The issue is similar in nature to CVE-2025-47950 (QUIC DoS) but affects additional server types that do not enforce connection limits, stream limits, or message size constraints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68151"
},
{
"category": "external",
"summary": "RHBZ#2428009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428009"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68151"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812",
"url": "https://github.com/coredns/coredns/commit/0d8cbb1a6bcb6bc9c1a489865278b8725fa20812"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/pull/7490",
"url": "https://github.com/coredns/coredns/pull/7490"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-527x-5wrf-22m2"
}
],
"release_date": "2026-01-08T15:33:12.711000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/coredns/coredns/core/dnsserver: CoreDNS DoS via unbounded connections and oversized messages"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-26017",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-03-06T16:01:45.971241+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445244"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that uses a chain of plugins. This logical vulnerability allows an attacker to bypass DNS access controls. The issue occurs because security plugins, such as \u0027acl\u0027, are evaluated before the \u0027rewrite\u0027 plugin, creating a Time-of-Check Time-of-Use (TOCTOU) flaw. This flaw enables an attacker to circumvent intended access restrictions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26017"
},
{
"category": "external",
"summary": "RHBZ#2445244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445244"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26017"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
}
],
"release_date": "2026-03-06T15:36:15.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: DNS access control bypass due to plugin execution order flaw"
},
{
"cve": "CVE-2026-26018",
"cwe": {
"id": "CWE-1241",
"name": "Use of Predictable Algorithm in Random Number Generator"
},
"discovery_date": "2026-03-06T16:01:38.150099+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445242"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CoreDNS, a DNS server that chains plugins. A remote attacker can exploit this flaw by sending specially crafted DNS queries. This vulnerability exists in CoreDNS\u0027s loop detection plugin due to the use of a predictable pseudo-random number generator (PRNG) for generating a secret query name. Successful exploitation can lead to a denial of service (DoS) by crashing the DNS server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26018"
},
{
"category": "external",
"summary": "RHBZ#2445242",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445242"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26018"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26018"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/releases/tag/v1.14.2",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
},
{
"category": "external",
"summary": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-h75p-j8xm-m278"
}
],
"release_date": "2026-03-06T15:35:50.801000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/coredns/coredns: CoreDNS: Denial of Service vulnerability due to predictable pseudo-random number generation"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
],
"known_not_affected": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-14T15:55:27+00:00",
"details": "For release note details, see the upstream Submariner release notes:\n\nhttps://submariner.io/community/releases/\n\nDownstream-specific issues resolved:\n* ACM-28330\n* ACM-28332\n* ACM-28334\n* ACM-28336\n* ACM-28338\n* ACM-28340\n* ACM-28343\n* ACM-29328\n* ACM-29512\n* ACM-29661\n* ACM-29662\n* ACM-29681\n* ACM-29682\n* ACM-29683\n* ACM-29684\n* ACM-29777\n* ACM-29801\n* ACM-30135\n* ACM-30730\n* ACM-30731\n* ACM-31135\n* ACM-31137\n* ACM-31861\n* ACM-31872\n* ACM-31874\n* ACM-23783\n* ACM-24731\n* ACM-24797\n* ACM-25518\n* ACM-26321\n* ACM-26965\n* ACM-27273\n* ACM-28917\n* ACM-30321\n* ACM-30640\n* ACM-30970\n* ACM-8640\n\nFor more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.15/",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8151"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:3a7d7ad6a28416cd4479b5cf1508067e10ce342f01c7bb4aa3676abbd9f43a4a_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:b54f4ec7c1e1f45077ad840b6ddbe3388b640f3acc8b29f68ff59547805ee64d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:c9770153fe0b62c88b947de715ba5867af88c51ad65ec63d319be5a77dcc5c32_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-agent-rhel9@sha256:d3d6fc310945928456e59f5fc04d149af2729d13c27f7c980876d8709e2ce864_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:251df7bb1820fed1c75e7b5dd14ed2d12a9bf2f3b74c87f6a0027ebf0641d4e5_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:7ee76ee6dd4a832fccaca245b0f71def3736d90e37476281c273d081234747a2_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:8b17116d4d52c8ab22a72d9c3ff5e2b0820cc0be99ccc405c4d69a3f7ef933bf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/lighthouse-coredns-rhel9@sha256:db1083469ea0c8bf20c10252f4e5f500dd38daca85a996e834f866f9618c3e95_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:00b683c6d8a62a7057f64700526ef5f9eb10dec3809ee1c6d6abda6f76dd79fd_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:3780b6e2fa5c3c0328a161d6328ed828879c5bdb38cc2ab451366b60ffa5b043_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:6c394c6c6de11664040b84bbdbe2ae8222bece13e36460774ab3c41fc92f932e_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/nettest-rhel9@sha256:a34e02a2aa68bdad0e1d2aba40bfc782b1b5b9d2b0bc7c9fd391af7417a454a0_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:613ec029444a86d5510c67551d9b346379413f79064b4a406f8e4ad10b71f5a0_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:6ceaac04b5db279336bdefa462ae02a84e631151315cb6fc657709b72671babf_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:9f29e3a800b04a0d188957d8f9ca35c85c39107c29fdf97b5b9ba15bbec4cc29_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/subctl-rhel9@sha256:d061e9013521b8b7fe281176926e8b4684fddded2bf166906d8fa5d15ac9da32_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1294c67c44cd5ecde081e35432874b6cabdcd17252f9dfc773eb5158213550e7_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:1823cb53424d92094ff3b1a151501771c5886b25bba4bab79197ad6fd32304ef_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:c153b1c35cf9aa01c416e7d3dd90b89363715544544c09802039a7629f721c42_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-gateway-rhel9@sha256:d85a0d45300376bd1ba2b272d13c65fa957bf0f78a9ae50dff27eb0d5ce95735_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:5f8f4618887f2176dc24bbf6419112f85a68e58d49ff47cb1bbd198f2e148d9d_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:93a516a33793b18899586982bbf5b3d741cd8fc6d3285972cc014f823ca75a0d_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:e3090d6f0a2ca71edf606ca49cafa063ac9ff3122f0d377ed9f25a37151d6fb0_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-globalnet-rhel9@sha256:eedb220436102065b61787715d917459d01e4494a15dffb90474882e8f3086b9_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-operator-bundle@sha256:39088cefc6419019cd9d83bf2f717634fcd01d9befd37b8342553956fae5dd5f_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:0d5f60990dd0863cb501bff5f7b94b979bea3f4ef05e07eb825228dfb3de3248_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:3a481555d5376183a2ee392c409739417d5778e2c0559472f9070ccfe2918e2c_amd64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:4185f61ee8a0deb08e41e1c51753cdb6c6068c421c8e3dda7f1a86f67ab4fed3_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-rhel9-operator@sha256:5b5f6ffba68d27f81bb5c26e4fb83d80a4b72523110e622d764f9337d1cb4826_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:09eb5fdd7c085c63b62fb3eb222e6d03ef88d43e56a12440626a10d908086ff7_arm64",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:5ae8ef0d436d6e1d61d2b444a41639d5c98dfe468308d42710aa9a62e5f8fc2b_s390x",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:9068b8224f902247d20403d43f7bf66f4d6d202de2ac3f80a46d8211e42e5564_ppc64le",
"Red Hat Advanced Cluster Management for Kubernetes 2.15:registry.redhat.io/rhacm2/submariner-route-agent-rhel9@sha256:ff86bbf817bfc8450074d2ee2e8e55f6e500e7f23d12e3e1ef949cb49acb5e32_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
}
]
}
CERTFR-2026-AVI-0299
Vulnerability from certfr_avis - Published: 2026-03-16 - Updated: 2026-03-16
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | azl3 coredns 1.11.4-14 versions antérieures à 1.11.4-15 | ||
| Microsoft | N/A | azl3 giflib 5.2.1-10 versions antérieures à 5.2.1-11 | ||
| Microsoft | N/A | cbl2 coredns 1.11.1-25 versions antérieures à 1.11.1-26 | ||
| Microsoft | N/A | azl3 azurelinux-image-tools 1.2.0-1 versions antérieures à 1.2.0-2 | ||
| Microsoft | N/A | cbl2 giflib 5.2.1-10 versions antérieures à 5.2.1-11 | ||
| Microsoft | N/A | azl3 golang 1.26.0-1 versions antérieures à 1.26.1-1 | ||
| Microsoft | N/A | azl3 golang 1.25.7-1 versions antérieures à 1.25.8-1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 coredns 1.11.4-14 versions ant\u00e9rieures \u00e0 1.11.4-15",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 giflib 5.2.1-10 versions ant\u00e9rieures \u00e0 5.2.1-11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 coredns 1.11.1-25 versions ant\u00e9rieures \u00e0 1.11.1-26",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 azurelinux-image-tools 1.2.0-1 versions ant\u00e9rieures \u00e0 1.2.0-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "cbl2 giflib 5.2.1-10 versions ant\u00e9rieures \u00e0 5.2.1-11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.26.0-1 versions ant\u00e9rieures \u00e0 1.26.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 golang 1.25.7-1 versions ant\u00e9rieures \u00e0 1.25.8-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-27138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27138"
},
{
"name": "CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"name": "CVE-2026-26018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26018"
},
{
"name": "CVE-2026-26017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26017"
},
{
"name": "CVE-2026-23868",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23868"
},
{
"name": "CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
}
],
"initial_release_date": "2026-03-16T00:00:00",
"last_revision_date": "2026-03-16T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0299",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-03-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26018",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26018"
},
{
"published_at": "2026-03-12",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23868",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23868"
},
{
"published_at": "2026-03-08",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-26017",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26017"
},
{
"published_at": "2026-03-05",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27141",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27141"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27138",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27138"
},
{
"published_at": "2026-03-11",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27137",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27137"
}
]
}
GHSA-C9V3-4PV7-87PR
Vulnerability from github – Published: 2026-03-06 18:04 – Updated: 2026-03-06 22:43
VLAI?
Summary
CoreDNS ACL Bypass
Details
A logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw.
Impact
In multi-tenant Kubernetes clusters, this flaw undermines DNS-based segmentation strategies.
Example scenario: 1. ACL blocks access to *.admin.svc.cluster.local 2. A rewrite rule maps public-name → admin.svc.cluster.local 3. An unprivileged pod queries public-name 4. ACL allows the request 5. Rewrite exposes the internal admin service IP
This allows unauthorized service discovery and reconnaissance of restricted internal infrastructure.
Patches
Has the problem been patched? What versions should users upgrade to?
Workarounds
- Reorder the default plugin.cfg so that:
- rewrite and other normalization plugins run before acl, opa, and firewall
- Ensure all access control checks are applied after name normalization.
Severity ?
7.7 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/coredns/coredns"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26017"
],
"database_specific": {
"cwe_ids": [
"CWE-367"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-06T18:04:00Z",
"nvd_published_at": "2026-03-06T16:16:10Z",
"severity": "HIGH"
},
"details": "A logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default execution order of plugins. Security plugins such as acl are evaluated before the rewrite plugin, resulting in a Time-of-Check Time-of-Use (TOCTOU) flaw.\n\n\n### Impact\n\nIn multi-tenant Kubernetes clusters, this flaw undermines DNS-based segmentation strategies.\n\nExample scenario:\n1. ACL blocks access to *.admin.svc.cluster.local\n2. A rewrite rule maps public-name \u2192 admin.svc.cluster.local\n3. An unprivileged pod queries public-name\n4. ACL allows the request\n5. Rewrite exposes the internal admin service IP\n\nThis allows unauthorized service discovery and reconnaissance of restricted internal infrastructure.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\n### Workarounds\n\n- Reorder the default plugin.cfg so that:\n - rewrite and other normalization plugins run before acl, opa, and firewall\n- Ensure all access control checks are applied after name normalization.",
"id": "GHSA-c9v3-4pv7-87pr",
"modified": "2026-03-06T22:43:40Z",
"published": "2026-03-06T18:04:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/security/advisories/GHSA-c9v3-4pv7-87pr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26017"
},
{
"type": "PACKAGE",
"url": "https://github.com/coredns/coredns"
},
{
"type": "WEB",
"url": "https://github.com/coredns/coredns/releases/tag/v1.14.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "CoreDNS ACL Bypass"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…