RHSA-2026:12337
Vulnerability from csaf_redhat - Published: 2026-04-30 13:40 - Updated: 2026-05-01 21:22
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub. The credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace. The affected components ship as part of Multicluster Engine (MCE). Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected. This issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode. Successful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters.
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.11.1 General Availability release, with updates to container images.",
"title": "Topic"
},
{
"category": "general",
"text": "Assisted Installer RHEL 9 integrates components for the general multicluster engine\nfor Kubernetes 2.11.1 release that simplify the process of deploying OpenShift Container\nPlatform clusters.\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters, or to import existing Kubernetes-based clusters for management.\n\nAfter the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:12337",
"url": "https://access.redhat.com/errata/RHSA-2026:12337"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-7163",
"url": "https://access.redhat.com/security/cve/CVE-2026-7163"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12337.json"
}
],
"title": "Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.11.1",
"tracking": {
"current_release_date": "2026-05-01T21:22:24+00:00",
"generator": {
"date": "2026-05-01T21:22:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2026:12337",
"initial_release_date": "2026-04-30T13:40:21+00:00",
"revision_history": [
{
"date": "2026-04-30T13:40:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-30T13:40:26+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-01T21:22:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "multicluster engine for Kubernetes 2.11",
"product": {
"name": "multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_engine:2.11::el9"
}
}
}
],
"category": "product_family",
"name": "multicluster engine for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3Af25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776967957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776950029"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776773976"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Aa73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776950044"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776987609"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776967957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3Ae11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776950029"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776773976"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776950044"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3Ad90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776987609"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3Ab2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776967957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3Ac5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776950029"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776773976"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Ae364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776950044"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776987609"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3Aa2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776967957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776950029"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776773976"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776950044"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1776987609"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64 as a component of multicluster engine for Kubernetes 2.11",
"product_id": "multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.11"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Omer Vishlitzky",
"Nick Carboni",
"Riccardo Piccoli"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-7163",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"discovery_date": "2026-04-27T04:18:06.534000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2463152"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub. \n\nThe credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace.\n\nThe affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected.\nThis issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode.\n\nSuccessful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "assisted-service: assisted-service: Authenticated users can gain administrative access to OpenShift clusters via credential disclosure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-7163"
},
{
"category": "external",
"summary": "RHBZ#2463152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2463152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-7163",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7163"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-7163",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7163"
}
],
"release_date": "2026-04-30T12:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T13:40:21+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.16.",
"product_ids": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12337"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "assisted-service: assisted-service: Authenticated users can gain administrative access to OpenShift clusters via credential disclosure"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-30T13:40:21+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.16/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.16.",
"product_ids": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:12337"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:8280d5b264d82f646a074ba80a28e518c65eda85210dd73dcce1305baf3db753_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:a2c980a42ab1e99d5c6074552782255ebc5b6275237f4d2cb1bfe5d4f1acb490_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:b2fc9804cf2aa1878c1fb851078a674463764be90c36ddbaa97f77789370efe3_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:f25ec53e76b16f620e5e067ccd57005267691bb910989a704e6cd86329372c9a_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:49c62e8ac4762849f1596729a752cd88a0d6aefb40a7a459e9b22493c1e275fd_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:6cc1e0e0351c80d62ff578df84de51759c5d611d4650f9047fe9053e6afa6faf_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:8a251e3cb7bca9d6c3ed20829849bfc6361c8c168feef6dab7c1e06ada9ecce0_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:9f5ee10acc225f6e4aba6fdbfcfe01851cf1483181be2ade6f0b002990316079_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:520b5b7722318d06646aa55a3fe98359aab8d3fa011bf8ca1e52e111a43afe1a_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:715a03b50ac63a96f6256bb7f0685e8fd22d59ded6746c9bd8ff464970cce19a_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a73d454ca721268d3ba17a6b3c9a76f8f80c2acbf28e6f94c507e388301bf531_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:e364c549150a4ee3ba20d9fa199d0dca2173cbb6486f232e59e9bf1ced7054b7_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:3b00ae767102c4073f4a55f4962cbd4cfcc8ac6b52620da7fa3010c5b8d39799_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:93d8e7a6bfefcb523c18dad0c84e99e38574b0025720161bdbd088033c4c8c4f_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c5761317d9acf329047e751d6d2573c4edfe136e06d752d2f6aeef2006b71392_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:e11544a9a4c4d501a4b863d58230d7e4649c90e23b3557ae4a09aed9ec7dc6cb_arm64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:1133ab36a25af5c4c813b104d26502705be4932c334641243a6fb390637a6e17_ppc64le",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:233424d7f85dbc64152a7c08c48db76cff54a4845e088384d6f1d48194fae646_amd64",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:3c5128eee15019b8775c87a78caf1e4a40e9fe3b52daa9622b0238a3607fd251_s390x",
"multicluster engine for Kubernetes 2.11:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d90e9b64aca66528a4d359b506b2d338fba7ac9072ce4292c6498848ee20bf7a_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
}
]
}