CVE-2026-27459 (GCVE-0-2026-27459)
Vulnerability from cvelistv5 – Published: 2026-03-17 23:34 – Updated: 2026-03-18 19:52
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-18T19:52:08.536876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T19:52:15.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pyopenssl",
"vendor": "pyca",
"versions": [
{
"status": "affected",
"version": "\u003e= 22.0.0, \u003c 26.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T23:34:28.483Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
},
{
"name": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"name": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
}
],
"source": {
"advisory": "GHSA-5pwr-322w-8jr4",
"discovery": "UNKNOWN"
},
"title": "pyOpenSSL DTLS cookie callback buffer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27459",
"datePublished": "2026-03-17T23:34:28.483Z",
"dateReserved": "2026-02-19T17:25:31.100Z",
"dateUpdated": "2026-03-18T19:52:15.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-27459",
"date": "2026-05-03",
"epss": "0.00026",
"percentile": "0.07236"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27459\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-18T00:16:19.273\",\"lastModified\":\"2026-03-25T16:41:28.017\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.\"},{\"lang\":\"es\",\"value\":\"pyOpenSSL es un envoltorio de Python para la biblioteca OpenSSL. A partir de la versi\u00f3n 22.0.0 y antes de la versi\u00f3n 26.0.0, si una devoluci\u00f3n de llamada proporcionada por el usuario a set_cookie_generate_callback devolv\u00eda un valor de cookie superior a 256 bytes, pyOpenSSL desbordar\u00eda un b\u00fafer proporcionado por OpenSSL. 
A partir de la versi\u00f3n 26.0.0, los valores de cookie que son demasiado largos ahora son rechazados.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"UNREPORTED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\"
,\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pyopenssl:pyopenssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"22.0.0\",\"versionEndExcluding\":\"26.0.0\",\"matchCriteriaId\":\"36CBBDFE-83B3-4F32-98E6-49E62AD0BD1B\"}]}]}],\"references\":[{\"url\":\"https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27459\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-18T19:52:08.536876Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-18T19:52:12.530Z\"}}], \"cna\": {\"title\": \"pyOpenSSL DTLS cookie callback buffer overflow\", \"source\": {\"advisory\": \"GHSA-5pwr-322w-8jr4\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 7.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"pyca\", \"product\": \"pyopenssl\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 22.0.0, \u003c 26.0.0\"}]}], \"references\": [{\"url\": \"https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4\", \"name\": \"https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\", \"name\": \"https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst\", 
\"name\": \"https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-120\", \"description\": \"CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-17T23:34:28.483Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27459\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-18T19:52:15.812Z\", \"dateReserved\": \"2026-02-19T17:25:31.100Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-17T23:34:28.483Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:8437
Vulnerability from csaf_redhat - Published: 2026-04-16 10:43 - Updated: 2026-04-30 16:32
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered because a bounds check is missing before the data is copied to a fixed-size buffer provided by the underlying OpenSSL library.
An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.
A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The GA release of the RHTAS Model Transparency CLI image.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Model Transparency CLI image can be used to sign and verify AI/ML workloads",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:8437",
"url": "https://access.redhat.com/errata/RHSA-2026:8437"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8437.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.4 - GA Release of Model Transparency",
"tracking": {
"current_release_date": "2026-04-30T16:32:48+00:00",
"generator": {
"date": "2026-04-30T16:32:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2026:8437",
"initial_release_date": "2026-04-16T10:43:56+00:00",
"revision_history": [
{
"date": "2026-04-16T10:43:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-16T10:44:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T16:32:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.4",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"product": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/model-transparency-rhel9@sha256%3A58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1775815407"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64",
"product": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64",
"product_id": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64",
"product_identification_helper": {
"purl": "pkg:oci/model-transparency-rhel9@sha256%3A66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755?arch=arm64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1775815407"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64"
},
"product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
},
"product_reference": "registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:43:56+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8437"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-30922",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-03-18T04:02:45.401296+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448553"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-30922"
},
{
"category": "external",
"summary": "RHBZ#2448553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
"url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
},
{
"category": "external",
"summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
"url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
}
],
"release_date": "2026-03-18T02:29:45.857000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:43:56+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8437"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
},
{
"cve": "CVE-2026-32597",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-12T22:01:29.967713+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447194"
}
],
"notes": [
{
"category": "description",
"text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32597"
},
{
"category": "external",
"summary": "RHBZ#2447194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
},
{
"category": "external",
"summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
}
],
"release_date": "2026-03-12T21:41:50.427000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-16T10:43:56+00:00",
"details": "The Model Transparency CLI Image is a containerized command-line tool for signing and verifying AI/ML workloads against a private Red Hat Trusted Artifact Signer (RHTAS) instance. It lets teams create signatures and attestations for model artifacts and validate them at build or deploy time using enterprise trust material (e.g., Fulcio/Rekor).\n\nFor details on using the Model Transparency CLI image, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:8437"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:58f6c2216f1b745ff0af4195dc72395eeab531bf8561b507ea64730f38ecc24d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/model-transparency-rhel9@sha256:66b12e8e6822f23ad63f43c660d815d8007da46aa5ac3b5cceebf727b147f755_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
}
]
}
RHSA-2026:11856
Vulnerability from csaf_redhat - Published: 2026-04-29 17:11 - Updated: 2026-05-04 08:25
No description is available for this CVE.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
A flaw was found in pyOpenSSL (CVE-2026-27459). The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered because of a missing bounds check before the data is copied to a fixed-size buffer provided by the underlying OpenSSL library. Upstream pyOpenSSL 26.0.0 and later reject cookie values that are too long.
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.17 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.17",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11856",
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11856.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.17",
"tracking": {
"current_release_date": "2026-05-04T08:25:21+00:00",
"generator": {
"date": "2026-05-04T08:25:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2026:11856",
"initial_release_date": "2026-04-29T17:11:19+00:00",
"revision_history": [
{
"date": "2026-04-29T17:11:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-29T17:11:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-04T08:25:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776698050"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697488"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Acba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776698909"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697573"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Adbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776698050"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776798011"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697568"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Ae2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776888642"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Aa696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776887968"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776752646"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aaf6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697488"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ab615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697573"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776798011"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697568"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776887968"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ab64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776752646"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697488"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697573"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776798011"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697568"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776887968"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776752646"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697488"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697573"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776798011"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776697568"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776887968"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776752646"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. This mitigation is effective only if the gRPC-Go server cannot be reached except through that intermediary. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T17:11:19+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11856"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:53d2838548e77931e94f9bcd85e941fb694b28a3585d280ddcb761344d2845e6_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:65503333e10391dca7854bd07dc161288cc00b1a722533e42af1e2c4c3c0afeb_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:8185411ec370b562124ed94598c1dc5128f7b4eba2612d59a0b0b5c767a2a697_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d682a5dd2a55034acfd3fe24b70526d1f514cf7e058aa51505d72537045cf3be_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:cba47e962ec1b6b6f68cea1b231e4a69f8e8ec25067b6e603ebeb268c9fc1ee0_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2195b3586d18555507672ce46cbe7ca44fc89271217f4d10c4a0f709d63a2ad9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4454746edc32128a37ab4be8b97c99b87fd8d85fc2199a2d80834ff72f9790d5_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:b615e4d4f9d80660cd340c20df280f0387049f5940f7bb2812d2e3bf325a12f9_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ff9ba83cb0a4505d9bfbd5b0826400b0d3685572e8f599a2813f1462c8a2c310_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:dbdd7ba0477474b50810b0950c8e50171b2327f81ad14ff02ba34cb69885cd45_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:523a51c7c519af386cdaebb7e67971f0a05a7b31fb6683be852a291aada8201a_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:7ce1aebe1c0916ab52b66902127625b13c19231ffd67b24c8606a0131f19d4f9_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:8e02861c489702fb5b0ecb60c8b4e9bb6a14a5f026ceee9fee482891cf7dd61e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:c5fdf182c5b34b44e21971af93272ac07a2521c3d496b6d92c0a3a7afe3bd362_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7551505ec9af37fd96ad9a226a475d3d7169eb7d861c4f45cd490ff1f0fae1d3_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:64b287be516147f19f83fe4ac93471de19a8bcc1e3489d7298b734ec26d45aab_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:943fe18122c39717e8874df366a9d8cb2e98572e62af6773445b6328b38b9b0e_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:af6903e508dc41730b05d855d363f53c0e8efcb327429b59cbca959a9cc6aaf1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:ee5eec8ed546799aa60d3181f45810632ce280a310a0f75fa847d8cfa0a7690d_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:e2e10580ca1783ac80ea08851c21f4accaa284951d7a909a59d3484ec3077163_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:0578be0cbc9bbbdd5bf86e5bbc15d1741f654af7149efdf184d300f6a3c0b86a_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:18da4574e93bb4cdf09757ad095257912cfdf8506546d83b2f705fbb9d067282_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:2a5eb683e47b2f8e1d02546ff6a640c984e71a9e657112243da082aea47d7af8_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:a696f5af8140d39bf5528d1efc1affab93050fb764c0e6d09c61f819375be139_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:3c87ef209deb488a3c37626273123280364972c155ae53d986fbc784bf219892_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:6af0be7e815a0c1db832025550381df8869a824393be8025d4cceb7e610619e9_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:b64f0e80cebf4fe945fa945a9df2796c463cb3026a7cfd32e9ab2fc98528b7d3_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e7316f47c02a052e731b15ee00e9bb0ed4a9a1dd19f5b2423150e83ebcb010dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:11996
Vulnerability from csaf_redhat - Published: 2026-04-30 01:20 - Updated: 2026-05-04 08:25
No description is available for this CVE.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
A flaw was found in pyOpenSSL. The `set_cookie_generate_callback` callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered because of a missing bounds check before the data is copied to a fixed-size buffer provided by the underlying OpenSSL library.
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.21 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.21",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11996",
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11996.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.21",
"tracking": {
"current_release_date": "2026-05-04T08:25:22+00:00",
"generator": {
"date": "2026-05-04T08:25:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2026:11996",
"initial_release_date": "2026-04-30T01:20:06+00:00",
"revision_history": [
{
"date": "2026-04-30T01:20:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-30T01:20:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-04T08:25:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776963375"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776962931"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Ad201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956601"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705943"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777327525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777328140"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908959"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776782369"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776962931"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1777327525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908959"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776782369"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776962931"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776956008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1777327525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Abad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705534"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908959"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776782369"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected such URLs as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T01:20:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11996"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:9830eae6b8589e5a4a2e50d201a33f6e9b64ac3b04d7d045d7fd812609fde97a_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:b8f34f08a7a695f6ccf9b88e6c2ce1f1cae76f98d9005588424b0ef8a58f4549_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:bad2d6be0381249da08576fc6e733dd51cb30a0997b17b512c19a39b0e30df08_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:d201aa07519a56ee384d8ce004ff97ff4dcade74fed273dd5e731a0ce249c021_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6a8c24949c45070e83a5d492e7235969b2a241a37649baea8d8af48d8444f0db_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:787fc4e689380b857b2a4e62d2950952f97117b65cd84d033f2e8e8e9b28ef19_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:78aeb71e263279f23deaacb546676aa3739365e6581b3a2d8f1846339ec68f6f_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:8b22279c558993df180f6dce49f37a429804031963185415d70eafe4af1d5875_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:1b9ba50e0ed691c3f38bbfa1c979ad91ffbc618fea4ee91748412d941c53a5da_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:84a239c3762ffa42bde673f5e6715acabcafa67122ad8684b9c6672fc1300cea_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:c2d65b2417e8c05886b3cb50c7696ae83e04418aebc4dc6f6c96ecebe39991ac_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9b37a43bac0c38e9b7debf427890b9b664d93b2ccd8c4298e860b7ee89ee3c43_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6e0d179df39acec2ac05188366be788a84d35613145c24054a90656712108fe5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a0d02b6a2c597aa278b5b512185ffc0dde7ea1769e1178907cd0dbe5b739309b_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d18d9c62d72faf3bf5388fa994dfe715a5f46d3a7ea5042952de7f1a750f297e_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:637054b16092a2f972f7da7c1d47c00f5f2ca670b464374d68cbeabd25db3889_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:048a42a26c19cbc973e36284a7a80018af580c97d7046bfc513e7cdfae45292f_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:132c4a7071f70729f971e7c258a60c8b2c6d6427adae3014acdb066fb3415cbb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:3ae36f520f4560f23b7b4ecbe24fd9bfb6dc3199aaa0bed38dec7c381e5b4067_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:2c3c6f149c673cfd68cb5cc62f75bb75480a8d4f4470a7de93191bca1cc0f253_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:593f1bf28190a411fde00fc5bedf5ca4059b0213b7c3e6455c205aa18ad7d7d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:9ad34f2c10bd76352bd771579118ffdcc2a2138a0d1aecae4867b5772cd56814_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
RHSA-2026:10754
Vulnerability from csaf_redhat - Published: 2026-04-27 10:15 - Updated: 2026-04-30 03:26
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds check before the data is copied to a fixed-size buffer provided by the underlying OpenSSL library.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated version of Red Hat Update Infrastructure (RHUI) is now\navailable. RHUI 4.11.4 resolves a security vulnerability in pyOpenSSL.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Update Infrastructure (RHUI) provides a highly scalable and redundant framework for managing repositories and content. It also allows cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances.\n\nSecurity Fixes:\n* pyOpenSSL: DTLS cookie callback buffer overflow (CVE-2026-27459)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:10754",
"url": "https://access.redhat.com/errata/RHSA-2026:10754"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10754.json"
}
],
"title": "Red Hat Security Advisory: RHUI 4.11.4 security update - python-pyOpenSSL",
"tracking": {
"current_release_date": "2026-04-30T03:26:25+00:00",
"generator": {
"date": "2026-04-30T03:26:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2026:10754",
"initial_release_date": "2026-04-27T10:15:08+00:00",
"revision_history": [
{
"date": "2026-04-27T10:15:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-27T10:15:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T03:26:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHUI 4 for RHEL 8",
"product": {
"name": "RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhui:4::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Update Infrastructure"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pyOpenSSL-0:24.1.0-2.el8ui.src",
"product": {
"name": "python-pyOpenSSL-0:24.1.0-2.el8ui.src",
"product_id": "python-pyOpenSSL-0:24.1.0-2.el8ui.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-pyOpenSSL@24.1.0-2.el8ui?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch",
"product": {
"name": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch",
"product_id": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.11-pyOpenSSL@24.1.0-2.el8ui?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pyOpenSSL-0:24.1.0-2.el8ui.src as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src"
},
"product_reference": "python-pyOpenSSL-0:24.1.0-2.el8ui.src",
"relates_to_product_reference": "8Base-RHUI-4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch as a component of RHUI 4 for RHEL 8",
"product_id": "8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
},
"product_reference": "python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch",
"relates_to_product_reference": "8Base-RHUI-4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src",
"8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-27T10:15:08+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor detailed instructions on how to apply this update, see:\nhttps://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4/html/migrating_red_hat_update_infrastructure/assembly_upgrading-red-hat-update-infrastructure_migrating-red-hat-update-infrastructure\n\nNote: While there is no updated version of rhui-installer, for this update to take effect, it is necessary to rerun rhui-installer on the RHUA node and to reinstall the CDS nodes, as described in the documentation.\n\nFor other information, see the product documentation:\nhttps://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4",
"product_ids": [
"8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src",
"8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:10754"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src",
"8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHUI-4:python-pyOpenSSL-0:24.1.0-2.el8ui.src",
"8Base-RHUI-4:python3.11-pyOpenSSL-0:24.1.0-2.el8ui.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
}
]
}
RHSA-2026:7224
Vulnerability from csaf_redhat - Published: 2026-04-09 04:58 - Updated: 2026-04-30 03:28
A flaw was found in pyOpenSSL. The set_tlsext_servername_callback callback function can be used to implement Server Name Indication (SNI) during the TLS handshake. When the callback raises an unhandled exception, the handshake incorrectly proceeds instead of terminating. This fail-open behavior can allow an attacker to bypass SNI-based security controls and access restricted endpoints.
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to a missing bounds check before the data is copied to a fixed-size buffer provided by the underlying OpenSSL library.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7224",
"url": "https://access.redhat.com/errata/RHSA-2026:7224"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27448",
"url": "https://access.redhat.com/security/cve/CVE-2026-27448"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7224.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-04-30T03:28:23+00:00",
"generator": {
"date": "2026-04-30T03:28:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2026:7224",
"initial_release_date": "2026-04-09T04:58:57+00:00",
"revision_history": [
{
"date": "2026-04-09T04:58:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-20T14:47:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T03:28:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "pyopenssl-main@src",
"product": {
"name": "pyopenssl-main@src",
"product_id": "pyopenssl-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyOpenSSL@26.0.0-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pyopenssl-main@noarch",
"product": {
"name": "pyopenssl-main@noarch",
"product_id": "pyopenssl-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pyOpenSSL-doc@26.0.0-1.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pyopenssl-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:pyopenssl-main@noarch"
},
"product_reference": "pyopenssl-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pyopenssl-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:pyopenssl-main@src"
},
"product_reference": "pyopenssl-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27448",
"cwe": {
"id": "CWE-636",
"name": "Not Failing Securely (\u0027Failing Open\u0027)"
},
"discovery_date": "2026-03-18T00:02:04.322126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448508"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_tlsext_servername_callback callback function can be used to implement Server Name Indication (SNI) during the TLS handshake. When the callback raises an unhandled exception, the handshake incorrectly proceeds instead of terminating. This fail-open behavior can allow an attacker to bypass SNI-based security controls and access restricted endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_tlsext_servername_callback function. For the handshake to proceed incorrectly, the callback must raise an unhandled exception, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:pyopenssl-main@noarch",
"Red Hat Hardened Images:pyopenssl-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27448"
},
{
"category": "external",
"summary": "RHBZ#2448508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448508"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27448"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst#L27"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0",
"url": "https://github.com/pyca/pyopenssl/commit/d41a814759a9fb49584ca8ab3f7295de49a85aa0"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-vp96-hxj8-p424"
}
],
"release_date": "2026-03-17T23:24:30.661000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T04:58:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:pyopenssl-main@noarch",
"Red Hat Hardened Images:pyopenssl-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7224"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_tlsext_servername_callback function is wrapped in a try/except block. This block should explicitly return a failure code instead of allowing the exception to propagate.",
"product_ids": [
"Red Hat Hardened Images:pyopenssl-main@noarch",
"Red Hat Hardened Images:pyopenssl-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:pyopenssl-main@noarch",
"Red Hat Hardened Images:pyopenssl-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pyOpenSSL: TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, limiting the exposure of this issue. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:pyopenssl-main@noarch",
"Red Hat Hardened Images:pyopenssl-main@src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T04:58:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:pyopenssl-main@noarch",
"Red Hat Hardened Images:pyopenssl-main@src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7224"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Hardened Images:pyopenssl-main@noarch",
"Red Hat Hardened Images:pyopenssl-main@src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:pyopenssl-main@noarch",
"Red Hat Hardened Images:pyopenssl-main@src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
}
]
}
RHSA-2026:11916
Vulnerability from csaf_redhat - Published: 2026-04-29 21:18 - Updated: 2026-05-04 08:25
No description is available for this CVE.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered due to missing bounds checking before copying the data to a fixed-size buffer provided by the underlying OpenSSL library.
A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a "slice bounds out of range panic", resulting in a Denial of Service (DoS) for the affected application.
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.21 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.21",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:11916",
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27459",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29063",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-29074",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32286",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4427",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_11916.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.21",
"tracking": {
"current_release_date": "2026-05-04T08:25:22+00:00",
"generator": {
"date": "2026-05-04T08:25:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2026:11916",
"initial_release_date": "2026-04-29T21:18:39+00:00",
"revision_history": [
{
"date": "2026-04-29T21:18:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-29T21:18:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-04T08:25:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.1",
"product": {
"name": "Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3Adb1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776785871"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Aa85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776785891"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776706008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777302567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1777303274"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908884"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Adcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1776736910"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1777302567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908884"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1776736910"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784458"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776784548"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1777302567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776705546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Abf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776908884"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1776736910"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-4427",
"discovery_date": "2026-03-18T14:02:19.414820+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4427"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4427"
}
],
"release_date": "2026-03-18T13:00:31+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
}
],
"title": "github.com/jackc/pgproto3: pgproto3: Denial of Service via negative field length in DataRow message"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-03-18T00:01:41.404915+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448503"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyOpenSSL. The set_cookie_generate_callback callback function can be used to generate DTLS cookies. When the callback returns a cookie string or byte sequence longer than 256 bytes, a buffer overflow can be triggered because the data is copied into a fixed-size buffer provided by the underlying OpenSSL library without a bounds check.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pyOpenSSL: DTLS cookie callback buffer overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is only exploitable when an application using the pyOpenSSL library provides a custom callback to the set_cookie_generate_callback function. For the buffer overflow to occur, the callback function must return a cookie string or byte sequence longer than 256 bytes, which limits the exposure of this issue. For these reasons, this vulnerability has been rated as Important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "RHBZ#2448503",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448503"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"category": "external",
"summary": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"release_date": "2026-03-17T23:34:28.483000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "To mitigate this flaw, ensure the callback provided to the set_cookie_generate_callback function strictly limits the returned cookie string or byte sequence to under 256 bytes.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pyOpenSSL: DTLS cookie callback buffer overflow"
},
{
"cve": "CVE-2026-29063",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-06T19:00:57.982727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445291"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Immutable.js, a library for persistent immutable data structures. This vulnerability, known as Prototype Pollution, allows an attacker with low privileges to inject unwanted properties into core JavaScript object prototypes without user interaction. By manipulating specific APIs such as mergeDeep(), mergeDeepWith(), merge(), Map.toJS(), and Map.toObject(), a remote attacker could potentially execute arbitrary code or cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this vulnerability requires that an attacker is able to provide arbitrary data to clients of this library in a way that calls the affected functions with data the attacker controls. In most deployments, the ability to provide data in this fashion requires that an attacker has some degree of privileges to access the affected applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29063"
},
{
"category": "external",
"summary": "RHBZ#2445291",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445291"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29063"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v3.8.3"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v4.3.8"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5",
"url": "https://github.com/immutable-js/immutable-js/releases/tag/v5.1.5"
},
{
"category": "external",
"summary": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw",
"url": "https://github.com/immutable-js/immutable-js/security/advisories/GHSA-wf6x-7x77-mvgw"
}
],
"release_date": "2026-03-06T18:25:22.438000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "immutable-js: Immutable.js: Arbitrary code execution via Prototype Pollution"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
},
{
"cve": "CVE-2026-32286",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-26T20:01:59.226117+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451847"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the DataRow.Decode function within the github.com/jackc/pgproto3/v2 component. A malicious or compromised PostgreSQL server can exploit this by sending a DataRow message containing a negative field length. This improper validation of field lengths leads to a \"slice bounds out of range panic\", resulting in a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32286"
},
{
"category": "external",
"summary": "RHBZ#2451847",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451847"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32286"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32286"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4518",
"url": "https://github.com/golang/vulndb/issues/4518"
},
{
"category": "external",
"summary": "https://github.com/jackc/pgx/issues/2507",
"url": "https://github.com/jackc/pgx/issues/2507"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4518",
"url": "https://pkg.go.dev/vuln/GO-2026-4518"
}
],
"release_date": "2026-03-26T19:40:51.974000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-29T21:18:39+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:11916"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:0a65832e2056a4f317afc7aaffa870418a67a5c8216787469d5845e7b9e1da56_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:62c33fd8160ec9f5ca795496c302f9ab708167a784f56422705e42a73eaa69fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:77f795c922f07ccdb237e98bc0184c2b63e640bb9fb71c183b00ece2d4d423f7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:a85190ee795f8fa1e9324af5e0af259ab69fa3a05272a5bb5f4076d372fd5fd1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:2aa45808282b59093c37870eee91e90f3ea0f5505a2c3081044426afc1b24c43_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:57a8db4bfcc0f507fc46e9e0f379bb85558431940861d5ccf7d67c28b4ce70d6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:628fb2f45f9ae0a1f7ade369ddb11aaf19e849914df3e1602a72bbd747c39403_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:0349e3a25a20874671f34ded49ea0a692a4ccff726ae9a7c212134edd5684aa6_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:3ef001da349fb2880c5b4c7b2b480d84497d2d7b06d5f88b434a5867b15831ea_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:762a843c527f3eae162e4bedee20f88b2df2919499bc07ee156ed6e575673a2b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9d564610e1019680260e701955356a2fbd14de32a46506128208c1ebc6771e0e_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:db1bd588d96d3eff25fce96b0e6d78d042b6041b0bb31a64f4683df65b3af5e3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:5845f4f7c9d013682cf2605a766aeb698e41934f85e3cf4f40a39f95036d2778_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:7e32adf6e8872a6b867d64020b03c1ed4ecbb4079539c3f66e85a595704b008d_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a39cdaf818b6cc9fcb1c780a82c39b1f8d7f00dcb5f4ecdf5795cd7452f56203_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:77dbe735cb007c4cb31d0d01e26aa46f7014ea4089b72630d206526605b78e52_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:489446f0c5a57d9d6bcdb7b0ccba2db6c5f961693bc0c95cda02a6ee52a718ae_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:7c05bf2bab975c345fbb1f54c74ce00b512a7780262087ffeb5e18e39d357e2e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:bf747665d8f980936633273351381207f0db7e5a920f6c1745dd1282f9a7a7a7_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:1f42a9088fd931804a16d6170c2d65a1a49b2433e906d3e3ac59f5169793ae8d_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:82890320e84c3be368d5f7e4b76fb99d6a20340cd5c3b2809e3e23cabc76bc7b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:dcf424eb353016ba6d2751052099542b330f99ea8ee0540431e50a8df5628263_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
SUSE-SU-2026:1192-1
Vulnerability from csaf_suse - Published: 2026-04-07 08:39 - Updated: 2026-04-07 08:39
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyOpenSSL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyOpenSSL fixes the following issues:\n\n- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).\n- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1192,SUSE-SLE-Module-Public-Cloud-15-SP4-2026-1192,SUSE-SLE-Module-Python3-15-SP7-2026-1192,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-1192,SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-1192,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1192,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1192,SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-1192,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1192,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1192,SUSE-SLE-Product-SLES_SAP-15-SP4-2026-1192,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1192,SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1192,openSUSE-SLE-15.6-2026-1192",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1192-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1192-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261192-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1192-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045297.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259804",
"url": "https://bugzilla.suse.com/1259804"
},
{
"category": "self",
"summary": "SUSE Bug 1259808",
"url": "https://bugzilla.suse.com/1259808"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27448 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27459 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27459/"
}
],
"title": "Security update for python-pyOpenSSL",
"tracking": {
"current_release_date": "2026-04-07T08:39:34Z",
"generator": {
"date": "2026-04-07T08:39:34Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1192-1",
"initial_release_date": "2026-04-07T08:39:34Z",
"revision_history": [
{
"date": "2026-04-07T08:39:34Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"product": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"product_id": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
},
"product_reference": "python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27448"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"openSUSE Leap 15.6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27448",
"url": "https://www.suse.com/security/cve/CVE-2026-27448"
},
{
"category": "external",
"summary": "SUSE Bug 1259804 for CVE-2026-27448",
"url": "https://bugzilla.suse.com/1259804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"openSUSE Leap 15.6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"openSUSE Leap 15.6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-07T08:39:34Z",
"details": "moderate"
}
],
"title": "CVE-2026-27448"
},
{
"cve": "CVE-2026-27459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27459"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"openSUSE Leap 15.6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27459",
"url": "https://www.suse.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "SUSE Bug 1259808 for CVE-2026-27459",
"url": "https://bugzilla.suse.com/1259808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"openSUSE Leap 15.6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP5-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch",
"openSUSE Leap 15.6:python311-pyOpenSSL-23.2.0-150400.3.13.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-07T08:39:34Z",
"details": "important"
}
],
"title": "CVE-2026-27459"
}
]
}
SUSE-SU-2026:20960-1
Vulnerability from csaf_suse - Published: 2026-04-01 10:05 - Updated: 2026-04-01 10:05
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyOpenSSL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyOpenSSL fixes the following issues:\n\n- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).\n- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-649",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20960-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20960-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620960-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20960-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045279.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259804",
"url": "https://bugzilla.suse.com/1259804"
},
{
"category": "self",
"summary": "SUSE Bug 1259808",
"url": "https://bugzilla.suse.com/1259808"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27448 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27459 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27459/"
}
],
"title": "Security update for python-pyOpenSSL",
"tracking": {
"current_release_date": "2026-04-01T10:05:58Z",
"generator": {
"date": "2026-04-01T10:05:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20960-1",
"initial_release_date": "2026-04-01T10:05:58Z",
"revision_history": [
{
"date": "2026-04-01T10:05:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyOpenSSL-24.0.0-2.1.noarch",
"product": {
"name": "python311-pyOpenSSL-24.0.0-2.1.noarch",
"product_id": "python311-pyOpenSSL-24.0.0-2.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-24.0.0-2.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:python311-pyOpenSSL-24.0.0-2.1.noarch"
},
"product_reference": "python311-pyOpenSSL-24.0.0-2.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27448"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:python311-pyOpenSSL-24.0.0-2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27448",
"url": "https://www.suse.com/security/cve/CVE-2026-27448"
},
{
"category": "external",
"summary": "SUSE Bug 1259804 for CVE-2026-27448",
"url": "https://bugzilla.suse.com/1259804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:python311-pyOpenSSL-24.0.0-2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:python311-pyOpenSSL-24.0.0-2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-01T10:05:58Z",
"details": "moderate"
}
],
"title": "CVE-2026-27448"
},
{
"cve": "CVE-2026-27459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27459"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:python311-pyOpenSSL-24.0.0-2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27459",
"url": "https://www.suse.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "SUSE Bug 1259808 for CVE-2026-27459",
"url": "https://bugzilla.suse.com/1259808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:python311-pyOpenSSL-24.0.0-2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:python311-pyOpenSSL-24.0.0-2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-01T10:05:58Z",
"details": "important"
}
],
"title": "CVE-2026-27459"
}
]
}
SUSE-SU-2026:20930-1
Vulnerability from csaf_suse - Published: 2026-03-25 03:41 - Updated: 2026-03-25 03:41
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyOpenSSL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyOpenSSL fixes the following issues:\n\n- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).\n- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLES-16.0-439",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20930-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20930-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620930-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20930-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045222.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259804",
"url": "https://bugzilla.suse.com/1259804"
},
{
"category": "self",
"summary": "SUSE Bug 1259808",
"url": "https://bugzilla.suse.com/1259808"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27448 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27459 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27459/"
}
],
"title": "Security update for python-pyOpenSSL",
"tracking": {
"current_release_date": "2026-03-25T03:41:42Z",
"generator": {
"date": "2026-03-25T03:41:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20930-1",
"initial_release_date": "2026-03-25T03:41:42Z",
"revision_history": [
{
"date": "2026-03-25T03:41:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"product": {
"name": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"product_id": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch as component of SUSE Linux Enterprise Server 16.0",
"product_id": "SUSE Linux Enterprise Server 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
},
"product_reference": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch as component of SUSE Linux Enterprise Server for SAP applications 16.0",
"product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
},
"product_reference": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27448"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27448",
"url": "https://www.suse.com/security/cve/CVE-2026-27448"
},
{
"category": "external",
"summary": "SUSE Bug 1259804 for CVE-2026-27448",
"url": "https://bugzilla.suse.com/1259804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T03:41:42Z",
"details": "moderate"
}
],
"title": "CVE-2026-27448"
},
{
"cve": "CVE-2026-27459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27459"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27459",
"url": "https://www.suse.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "SUSE Bug 1259808 for CVE-2026-27459",
"url": "https://bugzilla.suse.com/1259808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"SUSE Linux Enterprise Server for SAP applications 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T03:41:42Z",
"details": "important"
}
],
"title": "CVE-2026-27459"
}
]
}
SUSE-SU-2026:20954-1
Vulnerability from csaf_suse - Published: 2026-04-01 09:35 - Updated: 2026-04-01 09:35
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyOpenSSL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyOpenSSL fixes the following issues:\n\n- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).\n- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-467",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20954-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:20954-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620954-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:20954-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045285.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259804",
"url": "https://bugzilla.suse.com/1259804"
},
{
"category": "self",
"summary": "SUSE Bug 1259808",
"url": "https://bugzilla.suse.com/1259808"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27448 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27459 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27459/"
}
],
"title": "Security update for python-pyOpenSSL",
"tracking": {
"current_release_date": "2026-04-01T09:35:43Z",
"generator": {
"date": "2026-04-01T09:35:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:20954-1",
"initial_release_date": "2026-04-01T09:35:43Z",
"revision_history": [
{
"date": "2026-04-01T09:35:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch",
"product": {
"name": "python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch",
"product_id": "python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch"
},
"product_reference": "python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27448"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27448",
"url": "https://www.suse.com/security/cve/CVE-2026-27448"
},
{
"category": "external",
"summary": "SUSE Bug 1259804 for CVE-2026-27448",
"url": "https://bugzilla.suse.com/1259804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-01T09:35:43Z",
"details": "moderate"
}
],
"title": "CVE-2026-27448"
},
{
"cve": "CVE-2026-27459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27459"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27459",
"url": "https://www.suse.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "SUSE Bug 1259808 for CVE-2026-27459",
"url": "https://bugzilla.suse.com/1259808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:python311-pyOpenSSL-24.0.0-slfo.1.1_2.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-01T09:35:43Z",
"details": "important"
}
],
"title": "CVE-2026-27459"
}
]
}
MSRC_CVE-2026-27459
Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-03-21 01:37
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-27459.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "pyOpenSSL DTLS cookie callback buffer overflow",
"tracking": {
"current_release_date": "2026-03-21T01:37:02.000Z",
"generator": {
"date": "2026-03-21T07:04:22.887Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-27459",
"initial_release_date": "2026-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-03-19T01:04:31.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-03-21T01:37:02.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 pyOpenSSL 24.2.1-1",
"product": {
"name": "\u003cazl3 pyOpenSSL 24.2.1-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 pyOpenSSL 24.2.1-1",
"product": {
"name": "azl3 pyOpenSSL 24.2.1-1",
"product_id": "21066"
}
},
{
"category": "product_version_range",
"name": "cbl2 pyOpenSSL 18.0.0-8",
"product": {
"name": "cbl2 pyOpenSSL 18.0.0-8",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "pyOpenSSL"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 pyOpenSSL 24.2.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 pyOpenSSL 24.2.1-1 as a component of Azure Linux 3.0",
"product_id": "21066-17084"
},
"product_reference": "21066",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 pyOpenSSL 18.0.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27459",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "general",
"text": "GitHub_M",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21066-17084"
],
"known_affected": [
"17084-2",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-27459 pyOpenSSL DTLS cookie callback buffer overflow - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-27459.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-03-19T01:04:31.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-1"
]
},
{
"category": "vendor_fix",
"date": "2026-03-19T01:04:31.000Z",
"details": "24.2.1-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"title": "pyOpenSSL DTLS cookie callback buffer overflow"
}
]
}
FKIE_CVE-2026-27459
Vulnerability from fkie_nvd - Published: 2026-03-18 00:16 - Updated: 2026-03-25 16:41

| Source | URL | Tags |
|---|---|---|
| security-advisories@github.com | https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst | Release Notes |
| security-advisories@github.com | https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408 | Patch |
| security-advisories@github.com | https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pyopenssl:pyopenssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36CBBDFE-83B3-4F32-98E6-49E62AD0BD1B",
"versionEndExcluding": "26.0.0",
"versionStartIncluding": "22.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected."
},
{
"lang": "es",
"value": "pyOpenSSL es un envoltorio de Python para la biblioteca OpenSSL. A partir de la versi\u00f3n 22.0.0 y antes de la versi\u00f3n 26.0.0, si una devoluci\u00f3n de llamada proporcionada por el usuario a set_cookie_generate_callback devolv\u00eda un valor de cookie superior a 256 bytes, pyOpenSSL desbordar\u00eda un b\u00fafer proporcionado por OpenSSL. A partir de la versi\u00f3n 26.0.0, los valores de cookie que son demasiado largos ahora son rechazados."
}
],
"id": "CVE-2026-27459",
"lastModified": "2026-03-25T16:41:28.017",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "UNREPORTED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-18T00:16:19.273",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
OPENSUSE-SU-2026:10392-1
Vulnerability from csaf_opensuse - Published: 2026-03-19 00:00 - Updated: 2026-03-19 00:00
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-pyOpenSSL-26.0.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-pyOpenSSL-26.0.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10392",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10392-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27448 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27459 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27459/"
}
],
"title": "python311-pyOpenSSL-26.0.0-1.1 on GA media",
"tracking": {
"current_release_date": "2026-03-19T00:00:00Z",
"generator": {
"date": "2026-03-19T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10392-1",
"initial_release_date": "2026-03-19T00:00:00Z",
"revision_history": [
{
"date": "2026-03-19T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-pyOpenSSL-26.0.0-1.1.aarch64",
"product": {
"name": "python311-pyOpenSSL-26.0.0-1.1.aarch64",
"product_id": "python311-pyOpenSSL-26.0.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-pyOpenSSL-26.0.0-1.1.aarch64",
"product": {
"name": "python313-pyOpenSSL-26.0.0-1.1.aarch64",
"product_id": "python313-pyOpenSSL-26.0.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-pyOpenSSL-26.0.0-1.1.ppc64le",
"product": {
"name": "python311-pyOpenSSL-26.0.0-1.1.ppc64le",
"product_id": "python311-pyOpenSSL-26.0.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-pyOpenSSL-26.0.0-1.1.ppc64le",
"product": {
"name": "python313-pyOpenSSL-26.0.0-1.1.ppc64le",
"product_id": "python313-pyOpenSSL-26.0.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-pyOpenSSL-26.0.0-1.1.s390x",
"product": {
"name": "python311-pyOpenSSL-26.0.0-1.1.s390x",
"product_id": "python311-pyOpenSSL-26.0.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-pyOpenSSL-26.0.0-1.1.s390x",
"product": {
"name": "python313-pyOpenSSL-26.0.0-1.1.s390x",
"product_id": "python313-pyOpenSSL-26.0.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-pyOpenSSL-26.0.0-1.1.x86_64",
"product": {
"name": "python311-pyOpenSSL-26.0.0-1.1.x86_64",
"product_id": "python311-pyOpenSSL-26.0.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-pyOpenSSL-26.0.0-1.1.x86_64",
"product": {
"name": "python313-pyOpenSSL-26.0.0-1.1.x86_64",
"product_id": "python313-pyOpenSSL-26.0.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-26.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.aarch64"
},
"product_reference": "python311-pyOpenSSL-26.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-26.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.ppc64le"
},
"product_reference": "python311-pyOpenSSL-26.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-26.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.s390x"
},
"product_reference": "python311-pyOpenSSL-26.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-pyOpenSSL-26.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.x86_64"
},
"product_reference": "python311-pyOpenSSL-26.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyOpenSSL-26.0.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.aarch64"
},
"product_reference": "python313-pyOpenSSL-26.0.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyOpenSSL-26.0.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.ppc64le"
},
"product_reference": "python313-pyOpenSSL-26.0.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyOpenSSL-26.0.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.s390x"
},
"product_reference": "python313-pyOpenSSL-26.0.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyOpenSSL-26.0.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.x86_64"
},
"product_reference": "python313-pyOpenSSL-26.0.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27448"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27448",
"url": "https://www.suse.com/security/cve/CVE-2026-27448"
},
{
"category": "external",
"summary": "SUSE Bug 1259804 for CVE-2026-27448",
"url": "https://bugzilla.suse.com/1259804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-19T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-27448"
},
{
"cve": "CVE-2026-27459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27459"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27459",
"url": "https://www.suse.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "SUSE Bug 1259808 for CVE-2026-27459",
"url": "https://bugzilla.suse.com/1259808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python311-pyOpenSSL-26.0.0-1.1.x86_64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.aarch64",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.ppc64le",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.s390x",
"openSUSE Tumbleweed:python313-pyOpenSSL-26.0.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-19T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27459"
}
]
}
OPENSUSE-SU-2026:20419-1
Vulnerability from csaf_opensuse - Published: 2026-03-25 03:41 - Updated: 2026-03-25 03:41
Note: the package this advisory lists as the fix is python313-pyOpenSSL-25.0.0-160000.3.1, while the CVE descriptions give upstream 26.0.0 as the first fixed version. This appears to be a distribution backport, so a check that compares only the upstream version number may still report the patched package as affected; match on the full package release instead.
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pyOpenSSL",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pyOpenSSL fixes the following issues:\n\n- CVE-2026-27448: unhandled exception can result in connection not being cancelled (bsc#1259804).\n- CVE-2026-27459: large cookie value can lead to a buffer overflow (bsc#1259808).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-439",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20419-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1259804",
"url": "https://bugzilla.suse.com/1259804"
},
{
"category": "self",
"summary": "SUSE Bug 1259808",
"url": "https://bugzilla.suse.com/1259808"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27448 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27459 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27459/"
}
],
"title": "Security update for python-pyOpenSSL",
"tracking": {
"current_release_date": "2026-03-25T03:41:43Z",
"generator": {
"date": "2026-03-25T03:41:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20419-1",
"initial_release_date": "2026-03-25T03:41:43Z",
"revision_history": [
{
"date": "2026-03-25T03:41:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"product": {
"name": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"product_id": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
},
"product_reference": "python313-pyOpenSSL-25.0.0-160000.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27448"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 0.14.0 and prior to version 26.0.0, if a user provided callback to `set_tlsext_servername_callback` raised an unhandled exception, this would result in a connection being accepted. If a user was relying on this callback for any security-sensitive behavior, this could allow bypassing it. Starting in version 26.0.0, unhandled exceptions now result in rejecting the connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27448",
"url": "https://www.suse.com/security/cve/CVE-2026-27448"
},
{
"category": "external",
"summary": "SUSE Bug 1259804 for CVE-2026-27448",
"url": "https://bugzilla.suse.com/1259804"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T03:41:43Z",
"details": "moderate"
}
],
"title": "CVE-2026-27448"
},
{
"cve": "CVE-2026-27459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27459"
}
],
"notes": [
{
"category": "general",
"text": "pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer. Starting in version 26.0.0, cookie values that are too long are now rejected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27459",
"url": "https://www.suse.com/security/cve/CVE-2026-27459"
},
{
"category": "external",
"summary": "SUSE Bug 1259808 for CVE-2026-27459",
"url": "https://bugzilla.suse.com/1259808"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:python313-pyOpenSSL-25.0.0-160000.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T03:41:43Z",
"details": "important"
}
],
"title": "CVE-2026-27459"
}
]
}
GHSA-5PWR-322W-8JR4
Vulnerability from github – Published: 2026-03-16 16:22 – Updated: 2026-03-19 18:28
If a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer.
Cookie values that are too long are now rejected.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pyopenssl"
},
"ranges": [
{
"events": [
{
"introduced": "22.0.0"
},
{
"fixed": "26.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27459"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-16T16:22:29Z",
"nvd_published_at": "2026-03-18T00:16:19Z",
"severity": "HIGH"
},
"details": "If a user provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL provided buffer.\n\nCookie values that are too long are now rejected.",
"id": "GHSA-5pwr-322w-8jr4",
"modified": "2026-03-19T18:28:11Z",
"published": "2026-03-16T16:22:29Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27459"
},
{
"type": "WEB",
"url": "https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408"
},
{
"type": "PACKAGE",
"url": "https://github.com/pyca/pyopenssl"
},
{
"type": "WEB",
"url": "https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "pyOpenSSL DTLS cookie callback buffer overflow"
}
CERTFR-2026-AVI-0341
Vulnerability from certfr_avis - Published: 2026-03-23 - Updated: 2026-03-23
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Microsoft | N/A | azl3 libexif 0.6.24-1 versions antérieures à 0.6.24-2 |
| Microsoft | N/A | azl3 kernel 6.6.126.1-1 versions antérieures à 6.6.129.1-1 |
| Microsoft | N/A | azl3 nghttp2 1.61.0-2 versions antérieures à 1.61.0-3 |
| Microsoft | N/A | azl3 pyOpenSSL 24.2.1-1 versions antérieures à 24.2.1-2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "azl3 libexif 0.6.24-1 versions ant\u00e9rieures \u00e0 0.6.24-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 kernel 6.6.126.1-1 versions ant\u00e9rieures \u00e0 6.6.129.1-1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 nghttp2 1.61.0-2 versions ant\u00e9rieures \u00e0 1.61.0-3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "azl3 pyOpenSSL 24.2.1-1 versions ant\u00e9rieures \u00e0 24.2.1-2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"name": "CVE-2025-71265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71265"
},
{
"name": "CVE-2025-71239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71239"
},
{
"name": "CVE-2026-32775",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32775"
},
{
"name": "CVE-2025-71267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71267"
},
{
"name": "CVE-2026-23267",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23267"
},
{
"name": "CVE-2026-23259",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23259"
},
{
"name": "CVE-2026-23243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23243"
},
{
"name": "CVE-2026-23242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23242"
},
{
"name": "CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"name": "CVE-2026-27448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
},
{
"name": "CVE-2026-23233",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23233"
},
{
"name": "CVE-2026-23266",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23266"
},
{
"name": "CVE-2025-71266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71266"
},
{
"name": "CVE-2026-23241",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23241"
},
{
"name": "CVE-2026-23248",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23248"
}
],
"initial_release_date": "2026-03-23T00:00:00",
"last_revision_date": "2026-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0341",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27448",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27448"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71265",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71265"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23243",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23243"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27135",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27135"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23241",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23241"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71267",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71267"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23266",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23266"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23259",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23259"
},
{
"published_at": "2026-03-20",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23267",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23267"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23248",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23248"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23233",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23233"
},
{
"published_at": "2026-03-18",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71239",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71239"
},
{
"published_at": "2026-03-17",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-32775",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32775"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-71266",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-71266"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-27459",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27459"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-23242",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23242"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.