Vulnerability-Lookup

RHSA-2026:27114

Vulnerability from csaf_redhat - Published: 2026-06-18 14:45 - Updated: 2026-06-18 14:54

Summary

Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.17

Severity

Important

Notes

Topic: Red Hat OpenShift Service Mesh 2.6.17 This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Service Mesh 2.6.17, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. Security Fix(es): * proxyv2-rhel9: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack (CVE-2026-47774) * proxyv2-rhel9: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-47774

A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64	—	Vendor Fix fix Workaround

Known not affected 4 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64	—	Workaround

Threats

Impact Important

CVE-2026-49975

A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64	—	Vendor Fix fix Workaround

Known not affected 4 products

Product	Version	Remediation
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64	—	Workaround
Unresolved product id: Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64	—	Workaround

Threats

Impact Important

References

18 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:27114	self
https://access.redhat.com/security/cve/CVE-2026-47774	external
https://access.redhat.com/security/cve/CVE-2026-49975	external
https://access.redhat.com/security/cve/cve-2026-47774	external
https://access.redhat.com/security/cve/cve-2026-49975	external
https://access.redhat.com/security/updates/classi…	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-47774	self
https://bugzilla.redhat.com/show_bug.cgi?id=2487465	external
https://access.redhat.com/security/vulnerabilitie…	external
https://www.cve.org/CVERecord?id=CVE-2026-47774	external
https://nvd.nist.gov/vuln/detail/CVE-2026-47774	external
https://access.redhat.com/security/cve/CVE-2026-49975	self
https://bugzilla.redhat.com/show_bug.cgi?id=2485371	external
https://www.cve.org/CVERecord?id=CVE-2026-49975	external
https://nvd.nist.gov/vuln/detail/CVE-2026-49975	external
https://blog.calif.io/p/codex-discovered-a-hidden…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Service Mesh 2.6.17\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Service Mesh 2.6.17, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nSecurity Fix(es):\n\n* proxyv2-rhel9: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack (CVE-2026-47774)\n\n* proxyv2-rhel9: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack (CVE-2026-49975)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:27114",
        "url": "https://access.redhat.com/errata/RHSA-2026:27114"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-47774",
        "url": "https://access.redhat.com/security/cve/CVE-2026-47774"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-49975",
        "url": "https://access.redhat.com/security/cve/CVE-2026-49975"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2026-47774",
        "url": "https://access.redhat.com/security/cve/cve-2026-47774"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/cve-2026-49975",
        "url": "https://access.redhat.com/security/cve/cve-2026-49975"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification",
        "url": "https://access.redhat.com/security/updates/classification"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_27114.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 2.6.17",
    "tracking": {
      "current_release_date": "2026-06-18T14:54:00+00:00",
      "generator": {
        "date": "2026-06-18T14:54:00+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2026:27114",
      "initial_release_date": "2026-06-18T14:45:35+00:00",
      "revision_history": [
        {
          "date": "2026-06-18T14:45:35+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-18T14:45:40+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-18T14:54:00+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Service Mesh 2.6",
                "product": {
                  "name": "Red Hat OpenShift Service Mesh 2.6",
                  "product_id": "Red Hat OpenShift Service Mesh 2.6",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:2.6::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ae6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1781579930"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/proxyv2-rhel9@sha256%3A91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=1781604724"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Af1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1781579930"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64",
                  "product_id": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/proxyv2-rhel9@sha256%3Aff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=1781604724"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1781579930"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
                  "product_id": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/proxyv2-rhel9@sha256%3A9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=1781604724"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Ab046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9\u0026tag=1781579930"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
                "product": {
                  "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
                  "product_id": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/proxyv2-rhel9@sha256%3Aaeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel9\u0026tag=1781604724"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
          "product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
        },
        "product_reference": "registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64",
        "relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-47774",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2026-06-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2487465"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service vulnerability was found in Envoy\u0027s HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-47774"
        },
        {
          "category": "external",
          "summary": "RHBZ#2487465",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487465"
        },
        {
          "category": "external",
          "summary": "RHSB-2026-007",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-47774",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47774"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47774"
        }
      ],
      "release_date": "2026-06-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-18T14:45:35+00:00",
          "details": "See Red Hat OpenShift Service Mesh 2.6.17 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/service_mesh/service-mesh-2-x",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27114"
        },
        {
          "category": "workaround",
          "details": "See the security bulletin for a detailed mitigation procedure.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "envoy: envoy: HTTP/2 Remote Denial of Service via HPACK compression bomb and Slowloris-style attack"
    },
    {
      "cve": "CVE-2026-49975",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2026-06-05T06:04:44.009000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2485371"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in HTTP/2, affecting various web servers. A remote attacker can exploit this vulnerability by combining an HPACK compression bomb with a zero-byte flow-control window. This technique allows a small amount of data to expand into large memory allocations on the server, which are then held, leading to a denial of service (DoS) by rendering the server inaccessible.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The Apache\u0027s `httpd` HTTP/2 protocol implementation has a denial-of-service (DoS) vulnerability that is rated as Important. An unauthenticated remote attacker can exploit this flaw by combining HPACK compression with flow control manipulation, leading to significant server memory exhaustion and rendering the service inaccessible. This vulnerability exists in default HTTP/2 configurations.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
        ],
        "known_not_affected": [
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
          "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-49975"
        },
        {
          "category": "external",
          "summary": "RHBZ#2485371",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2485371"
        },
        {
          "category": "external",
          "summary": "RHSB-2026-007",
          "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2026-007"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-49975",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-49975"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-49975",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49975"
        },
        {
          "category": "external",
          "summary": "https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb",
          "url": "https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb"
        }
      ],
      "release_date": "2026-06-03T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-18T14:45:35+00:00",
          "details": "See Red Hat OpenShift Service Mesh 2.6.17 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/service_mesh/service-mesh-2-x",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:27114"
        },
        {
          "category": "workaround",
          "details": "See the security bulletin for a detailed mitigation procedure.",
          "product_ids": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1bf99621bc043feba08bbe087a69887c3318930d7c12ad2d04bd219b3d1ebd25_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:b046372098950aabce69b6bb45e38d4402d8f6c13450c1736ea7af78eddf8566_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:e6a6c65408f58c269bff76aced6bef45ee8547bd817f45146769109513992274_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:f1ad157e27640f2e6d12fd706902de424d79577f812543822dfcbea1a0f15e7d_arm64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:91ad18ecf0b3277175592fa95d0a7f748d165dab358f7ab16e3d37e34a96e5bd_amd64",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:9c7e1c1c0a00c97dfc7caf9a29c395b245ef5e2303c1d23974c4e11284cd538c_ppc64le",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:aeba5bf4d034bc85965e98bc6cdd87abac40d6bf569eb35ae79dcb0491fafeae_s390x",
            "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/proxyv2-rhel9@sha256:ff751cd7ab92db923c233be8d26e0b4e35e01fbb2e5f4b507aa7669d90024efa_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack"
    }
  ]
}

CVE-2026-47774 (GCVE-0-2026-47774)

Vulnerability from cvelistv5 – Published: 2026-06-17 16:58 – Updated: 2026-06-17 18:01

Title

Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification

Summary

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request header size validation in Envoy. Second, HPACK header block limits in oghttp2/quiche are enforced on encoded bytes without a corresponding limit on total decoded header size. Together, these behaviors allow a malicious client to cause large decoded header allocations while bypassing the intended request header size protections. Versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 contain a fix. No complete workaround is known short of applying a fix. Possible temporary mitigations include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie limits before traffic reaches Envoy; and monitoring Envoy memory usage for abnormal growth under HTTP/2 traffic.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-405 - Asymmetric Resource Consumption (Amplification)
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/envoyproxy/envoy/security/advi…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2026/0…

Impacted products

1 product

Vendor	Product	Version
envoyproxy	envoy	Affected: < 1.35.11 Affected: >= 1.36.0, < 1.36.7 Affected: >= 1.37.0, < 1.37.3 Affected: >= 1.38.0, < 1.38.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-17T17:05:51.998Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/06/04/15"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-47774",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T18:00:56.896750Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T18:01:59.116Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "envoy",
          "vendor": "envoyproxy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.35.11"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.36.0, \u003c 1.36.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.37.0, \u003c 1.37.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 1.38.0, \u003c 1.38.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy\u0027s HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentially resulting in OOM termination of the Envoy process and denial of service. The issue arises from the combination of two behaviors. First, cookie header bytes are not fully accounted for during request header size validation in Envoy. Second, HPACK header block limits in oghttp2/quiche are enforced on encoded bytes without a corresponding limit on total decoded header size. Together, these behaviors allow a malicious client to cause large decoded header allocations while bypassing the intended request header size protections. Versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1 contain a fix. No complete workaround is known short of applying a fix. Possible temporary mitigations include disabling downstream HTTP/2 where operationally feasible; enforcing stricter request header and cookie limits before traffic reaches Envoy; and monitoring Envoy memory usage for abnormal growth under HTTP/2 traffic."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T16:58:36.541Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-22m2-hvr2-xqc8"
        }
      ],
      "source": {
        "advisory": "GHSA-22m2-hvr2-xqc8",
        "discovery": "UNKNOWN"
      },
      "title": "Envoy vulnerable to HTTP/2 memory exhaustion via cookie header size bypass and HPACK amplification"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-47774",
    "datePublished": "2026-06-17T16:58:36.541Z",
    "dateReserved": "2026-05-19T22:36:16.882Z",
    "dateUpdated": "2026-06-17T18:01:59.116Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-49975 (GCVE-0-2026-49975)

Vulnerability from cvelistv5 – Published: 2026-06-08 15:26 – Updated: 2026-06-18 10:29

Title

Apache HTTP Server: mod_http2 denial of service

Summary

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-789 - Memory Allocation with Excessive Size Value

Assigner

apache

References

5 references

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory
http://www.openwall.com/lists/oss-security/2026/06/03/3
https://lists.debian.org/debian-lts-announce/2026…
http://www.openwall.com/lists/oss-security/2026/0…
https://github.com/EQSTLab/CVE-2026-49975	exploit

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4.17 , ≤ 2.4.67 (semver)

Credits

Quang Luong of Calif.IO in collaboration with OpenAI Codex

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-06-08T22:32:35.729Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/06/03/3"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00009.html"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/06/08/16"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-49975",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-18T10:27:36.270403Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-18T10:29:04.207Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/EQSTLab/CVE-2026-49975"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.67",
              "status": "affected",
              "version": "2.4.17",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Quang Luong of Calif.IO in collaboration with OpenAI Codex"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMemory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67.\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server\u0027s mod_http leads to denial of service via malicious HTTP requests.\n\nThis issue affects Apache HTTP Server: from 2.4.17 through 2.4.67."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-789",
              "description": "CWE-789 Memory Allocation with Excessive Size Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-08T15:26:04.674Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-05-26T12:00:00.000Z",
          "value": "reported"
        },
        {
          "lang": "en",
          "time": "2026-05-27T12:00:00.000Z",
          "value": "fixed upstream in mod_h2 https://github.com/icing/mod_h2/commit/35c6e405390ed361189a82acd96675401ea5947c"
        },
        {
          "lang": "en",
          "time": "2026-06-02T12:00:00.000Z",
          "value": "fixed in 2.4.x by r1934882"
        },
        {
          "lang": "eng",
          "time": "2026-06-08T12:00:00.000Z",
          "value": "2.4.68 released"
        }
      ],
      "title": "Apache HTTP Server: mod_http2 denial of service",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-49975",
    "datePublished": "2026-06-08T15:26:04.674Z",
    "dateReserved": "2026-06-02T17:20:37.983Z",
    "dateUpdated": "2026-06-18T10:29:04.207Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:27114

CVE-2026-47774 (GCVE-0-2026-47774)

CVE-2026-49975 (GCVE-0-2026-49975)

Tags

Sightings

Nomenclature