RHSA-2026:2500
Vulnerability from csaf_redhat - Published: 2026-02-11 05:02 - Updated: 2026-02-12 20:51
Summary
Red Hat Security Advisory: Red Hat multicluster global hub 1.4.4 security update
Notes
Topic
Red Hat multicluster global hub v1.4.4 general availability release images, which provide security fixes, bug fixes, and updated container images.
Red Hat Product Security has rated this update as having a security impact of Important.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.
Details
Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat multicluster global hub v1.4.4 general availability release images, which provide security fixes, bug fixes, and updated container images.\n\nRed Hat Product Security has rated this update as having a security impact of Important. \nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat multicluster global hub is a set of components that enable you to import one or more hub clusters and manage them from a single hub cluster.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:2500",
"url": "https://access.redhat.com/errata/RHSA-2026:2500"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-12816",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15284",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68429",
"url": "https://access.redhat.com/security/cve/CVE-2025-68429"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2500.json"
}
],
"title": "Red Hat Security Advisory: Red Hat multicluster global hub 1.4.4 security update",
"tracking": {
"current_release_date": "2026-02-12T20:51:42+00:00",
"generator": {
"date": "2026-02-12T20:51:42+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:2500",
"initial_release_date": "2026-02-11T05:02:44+00:00",
"revision_history": [
{
"date": "2026-02-11T05:02:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-11T05:02:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-12T20:51:42+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat multicluster global hub 1.4.4",
"product": {
"name": "Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_globalhub:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat multicluster global hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770126537"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Abca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770281189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Aca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770280963"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-operator-bundle@sha256%3Af8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770362687"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770281560"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Ac48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1769643304"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770126537"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3Ac50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770281189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770280963"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770281560"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1769643304"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3A2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770126537"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770281189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3A265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770280963"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3Ae8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770281560"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3A1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1769643304"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-grafana-rhel9@sha256%3Ac7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770126537"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-agent-rhel9@sha256%3A237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770281189"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-manager-rhel9@sha256%3Aeed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770280963"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-rhel9-operator@sha256%3A8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1770281560"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"product": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"product_id": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/multicluster-globalhub-postgres-exporter-rhel9@sha256%3Ad6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-globalhub\u0026tag=1769643304"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64 as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x as a component of Red Hat multicluster global hub 1.4.4",
"product_id": "Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
},
"product_reference": "registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x",
"relates_to_product_reference": "Red Hat multicluster global hub 1.4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12816",
"cwe": {
"id": "CWE-179",
"name": "Incorrect Behavior Order: Early Validation"
},
"discovery_date": "2025-11-25T20:01:05.875196+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417097"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 (Abstract Syntax Notation One) structures to desynchronize schema validations, yielding a semantic divergence.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products due to an interpretation conflict in the node-forge library. An unauthenticated attacker could exploit this flaw by crafting malicious ASN.1 structures, leading to a bypass of cryptographic verifications and security decisions in affected applications. This impacts various Red Hat products that utilize node-forge for cryptographic operations.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12816"
},
{
"category": "external",
"summary": "RHBZ#2417097",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417097"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12816"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge",
"url": "https://github.com/digitalbazaar/forge"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/pull/1124",
"url": "https://github.com/digitalbazaar/forge/pull/1124"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-5gfm-wpxj-wjgq"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/521113",
"url": "https://kb.cert.org/vuls/id/521113"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/node-forge",
"url": "https://www.npmjs.com/package/node-forge"
}
],
"release_date": "2025-11-25T19:15:50.243000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T05:02:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2500"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic verifications"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T05:02:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2500"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps leading to high CPU usage and massive memory allocation for the decompressed data. This vulnerability is fixed in 2.6.0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T05:02:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2500"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T05:02:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2500"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-68429",
"cwe": {
"id": "CWE-538",
"name": "Insertion of Sensitive Information into Externally-Accessible File or Directory"
},
"discovery_date": "2025-12-17T23:03:29.948214+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2423460"
}
],
"notes": [
{
"category": "description",
"text": "Storybook is a frontend workshop for building user interface components and pages in isolation. A vulnerability present starting in versions 7.0.0 and prior to versions 7.6.21, 8.6.15, 9.1.17, and 10.1.10 relates to Storybook\u2019s handling of environment variables defined in a `.env` file, which could, in specific circumstances, lead to those variables being unexpectedly bundled into the artifacts created by the `storybook build` command. When a built Storybook is published to the web, the bundle\u2019s source is viewable, thus potentially exposing those variables to anyone with access. For a project to potentially be vulnerable to this issue, it must build the Storybook (i.e. run `storybook build` directly or indirectly) in a directory that contains a `.env` file (including variants like `.env.local`) and publish the built Storybook to the web. Storybooks built without a `.env` file at build time are not affected, including common CI-based builds where secrets are provided via platform environment variables rather than `.env` files. Storybook runtime environments (i.e. `storybook dev`) are not affected. Deployed applications that share a repo with your Storybook are not affected. Users should upgrade their Storybook\u2014on both their local machines and CI environment\u2014to version 7.6.21, 8.6.15, 9.1.17, or 10.1.10 as soon as possible. Maintainers additionally recommend that users audit for any sensitive secrets provided via `.env` files and rotate those keys. Some projects may have been relying on the undocumented behavior at the heart of this issue and will need to change how they reference environment variables after this update. If a project can no longer read necessary environment variable values, either prefix the variables with `STORYBOOK_` or use the `env` property in Storybook\u2019s configuration to manually specify values. In either case, do not include sensitive secrets as they will be included in the built bundle.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Storybook: Storybook: Information disclosure via unexpected bundling of environment variables",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as it can lead to the unintended exposure of sensitive environment variables. This occurs when a Storybook project is built using the `storybook build` command in a directory containing a `.env` file, and the resulting bundle is subsequently published to a web-accessible location. Storybook instances built without `.env` files or run in development mode (`storybook dev`) are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68429"
},
{
"category": "external",
"summary": "RHBZ#2423460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68429"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68429",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68429"
},
{
"category": "external",
"summary": "https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6",
"url": "https://github.com/storybookjs/storybook/security/advisories/GHSA-8452-54wp-rmv6"
},
{
"category": "external",
"summary": "https://storybook.js.org/blog/security-advisory",
"url": "https://storybook.js.org/blog/security-advisory"
}
],
"release_date": "2025-12-17T22:26:55.732000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T05:02:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2500"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Storybook: Storybook: Information disclosure via unexpected bundling of environment variables"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"known_not_affected": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-11T05:02:44+00:00",
"details": "For more details, see the Red Hat Advanced Cluster Management for Kubernetes documentation:\n\nhttps://docs.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.13/html/multicluster_global_hub/index",
"product_ids": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:2500"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:237007606257d24c4dd11ba15b48a4ab4a385d7c6b259f344ac40427d965ccb7_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:6bce9f138d78cd05a30d427afbd6fec50211ae3cba1174f796ec618c8862d8c7_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:bca34c5ced99ce0605bb8ff276e99030c480adf8842f038876095669a0d46f7e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-agent-rhel9@sha256:c50c3087b6579a76a07038c59dd685e767ba633428d45a057247054cd5d15e19_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:29f466fffff1ebdb03c69b57e588d1359324280c82c67788195048aed9e022f5_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:945a8497173aaba167a71fb4a393714905dd2d00ede0a4eb09c00c4c59727414_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-grafana-rhel9@sha256:c7cdfe50df5e73358f348f0a9b8f7b35c6a5f4298d4bb6bedae7c7b9da882108_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:265f3e651d16fb5416604e7b1dad78d1214f71001f6ac3a33b081d78116f616c_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:64b490a5a70c31874ba08fbe3ac00f8be2ad74198692432a8ee4762b25e40294_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:ca7cc3adb829b0e1526c8dd4494747ed3f0b38dabdc1d9e5b67c967e4db3fb09_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-manager-rhel9@sha256:eed6a559cea86c3790258ab4d43b03618273cd59c4c2c6d484365a6d5c75e458_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-operator-bundle@sha256:f8f73e9cadc8c27f13fd947422aa74908f0cc15eb4a340bc110db757a43c6c6e_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:1c24477a58cd87093ac8d47ae89170cc9df4c317f85e86a0a638e2cb62c96644_s390x",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:90aee1f2623f5fb562d1badfbaa9cd993d67642ef3fe6abe523335c6e13df641_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:c48153736d4573aa3cb6f2428fd10d1c08643cb69bc93d42512f561739243bed_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-postgres-exporter-rhel9@sha256:d6773be40f1cac558fe86a9dd564ba3f2570397c0dbe55e037bf05965987b43c_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:5b68ff2c13f4b8670d68ecf73607ea175b168d8eab620c8c666244d3a4d0b209_amd64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:8e05f5585404218773a63e7bbc4c93c18cebec7cd963d45fa28215edffca8448_arm64",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:9294e8c4a557d7c03108170a1406ca27e390c77bb71711de54567fa4830f91e7_ppc64le",
"Red Hat multicluster global hub 1.4.4:registry.redhat.io/multicluster-globalhub/multicluster-globalhub-rhel9-operator@sha256:e8e63947b14543af7407ec3b4639df3f7fe52198b771473670309c00d6ca8733_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
}
]
}