RHSA-2026:3107
Vulnerability from csaf_redhat - Published: 2026-02-23 17:16 - Updated: 2026-02-27 00:26Summary
Red Hat Security Advisory: Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6
Notes
Topic
Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6
This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Kiali 1.73.27, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently
Security Fix(es):
* kiali-ossmc-rhel8: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)
* kiali-rhel8: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)
* kiali-rhel8: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Kiali 1.73.27, for Red Hat OpenShift Service Mesh 2.6, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently\n\nSecurity Fix(es):\n\n* kiali-ossmc-rhel8: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel8: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n\n* kiali-rhel8: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3107",
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61729",
"url": "https://access.redhat.com/security/cve/cve-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-25639",
"url": "https://access.redhat.com/security/cve/cve-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3107.json"
}
],
"title": "Red Hat Security Advisory: Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6",
"tracking": {
"current_release_date": "2026-02-27T00:26:18+00:00",
"generator": {
"date": "2026-02-27T00:26:18+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.1"
}
},
"id": "RHSA-2026:3107",
"initial_release_date": "2026-02-23T17:16:07+00:00",
"revision_history": [
{
"date": "2026-02-23T17:16:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-23T17:16:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-02-27T00:26:18+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 2.6",
"product": {
"name": "Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Afcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3Ae2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3Ae3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-rhel8@sha256%3A4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771230055"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/kiali-ossmc-rhel8@sha256%3A3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1771229736"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64 as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le as a component of Red Hat OpenShift Service Mesh 2.6",
"product_id": "Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:16:07+00:00",
"details": "See Kiali 1.73.27 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service. This vulnerability is fixed in versions 0.30.3 and 1.13.5.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-23T17:16:07+00:00",
"details": "See Kiali 1.73.27 documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/service_mesh/service-mesh-2-x",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3107"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3a78aade4c1a6fec8ff6c6ac6cec39644bd6bb592a3f65b6deaced893fa90f6d_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:3f096099daedca138492478a01802b4cf03a47a9b38086eceae2fef44ca03807_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:e3726b5aca328047a8dfa518b2a7409f4d67b2152ec40f8a484618d86cd322b5_ppc64le",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-ossmc-rhel8@sha256:fcd8354b6a8282be890ab266e8ba84011f495f89f00a354e487cf09c73e4f6f5_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:148cd3650dbfad079a80ff1b908aa6d992f7b2063aa4bda3687f04e1655b5e36_amd64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:4de053d77171a638e0d79deb10803f22e43fbc0d9b3e124eee90c1832346e271_s390x",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:87cdc959362c3fb3e35930ad04fa589e5807bc3977d9e1964359b614ced0eb35_arm64",
"Red Hat OpenShift Service Mesh 2.6:registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:e2f969be38741ff30e476e3a8f70eb60a3d030dcebcdb303269f39997c4acdf4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…