RHSA-2026:22627
Vulnerability from csaf_redhat - Published: 2026-06-02 18:12 - Updated: 2026-06-28 08:40Summary
Red Hat Security Advisory: OpenShift File Integrity Operator bug fix and enhancement update
Severity
Important
Notes
Topic: An updated OpenShift File Integrity Operator image that fixes various bugs and adds new
enhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.
Details: The OpenShift File Integrity Operator v1.4.0 is now available.
See the documentation for bug fix information:
https://docs.openshift.com/container-platform/latest/security/file_integrity_operator/file-integrity-operator-release-notes.html
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
7.4 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x | — |
Vendor Fix
fix
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64 | — |
Threats
Impact
Moderate
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64 | — |
Workaround
|
Threats
Impact
Important
References
30 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An updated OpenShift File Integrity Operator image that fixes various bugs and adds new\nenhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "The OpenShift File Integrity Operator v1.4.0 is now available.\nSee the documentation for bug fix information:\n\nhttps://docs.openshift.com/container-platform/latest/security/file_integrity_operator/file-integrity-operator-release-notes.html",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22627",
"url": "https://access.redhat.com/errata/RHSA-2026:22627"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22627.json"
}
],
"title": "Red Hat Security Advisory: OpenShift File Integrity Operator bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-06-28T08:40:24+00:00",
"generator": {
"date": "2026-06-28T08:40:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.2.6"
}
},
"id": "RHSA-2026:22627",
"initial_release_date": "2026-06-02T18:12:25+00:00",
"revision_history": [
{
"date": "2026-06-02T18:12:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-02T18:12:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-28T08:40:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "OpenShift File Integrity Operator - FIO 1",
"product": {
"name": "OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_file_integrity_operator:1::el9"
}
}
}
],
"category": "product_family",
"name": "OpenShift File Integrity Operator - FIO"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64",
"product_id": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-file-integrity-operator-bundle@sha256%3A813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891?arch=amd64\u0026repository_url=registry.redhat.io/compliance/openshift-file-integrity-operator-bundle\u0026tag=1780397972"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"product": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"product_id": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"product_identification_helper": {
"purl": "pkg:oci/openshift-file-integrity-rhel8-operator@sha256%3A310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594?arch=amd64\u0026repository_url=registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator\u0026tag=1780389566"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"product": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"product_id": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/openshift-file-integrity-rhel8-operator@sha256%3A04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7?arch=ppc64le\u0026repository_url=registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator\u0026tag=1780389566"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x",
"product": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x",
"product_id": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x",
"product_identification_helper": {
"purl": "pkg:oci/openshift-file-integrity-rhel8-operator@sha256%3A5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124?arch=s390x\u0026repository_url=registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator\u0026tag=1780389566"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64 as a component of OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64",
"relates_to_product_reference": "OpenShift File Integrity Operator - FIO 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le as a component of OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le"
},
"product_reference": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"relates_to_product_reference": "OpenShift File Integrity Operator - FIO 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64 as a component of OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64"
},
"product_reference": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"relates_to_product_reference": "OpenShift File Integrity Operator - FIO 1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x as a component of OpenShift File Integrity Operator - FIO 1",
"product_id": "OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
},
"product_reference": "registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x",
"relates_to_product_reference": "OpenShift File Integrity Operator - FIO 1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
],
"known_not_affected": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:12:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22627"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
],
"known_not_affected": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:12:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22627"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
],
"known_not_affected": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-02T18:12:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22627"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-operator-bundle@sha256:813c9713c4e2e5a1c26b3c1d0b9fbdff9b0eb7cc966e4aa54620822890965891_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:04da784838d3992a8db2d095ea1404cdb96bc07e0dd31878f3c1a4f6516ce2a7_ppc64le",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:310fd968ce23f308f35667fefa8028bfe41f947b90152b7244694785a7fc3594_amd64",
"OpenShift File Integrity Operator - FIO 1:registry.redhat.io/compliance/openshift-file-integrity-rhel8-operator@sha256:5b10e21ffe129532c9e31f6eb6554f77ac71e6de51679f35b1658040e0692124_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
}
]
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…