RHSA-2026:5168
Vulnerability from csaf_redhat - Published: 2026-03-19 19:18 - Updated: 2026-03-22 00:39Summary
Red Hat Security Advisory: Red Hat Quay 3.9.19
Severity
Important
Notes
Topic: Red Hat Quay 3.9.19 is now available with bug fixes.
Details: Quay 3.9.19
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.19 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5168",
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5168.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.19",
"tracking": {
"current_release_date": "2026-03-22T00:39:11+00:00",
"generator": {
"date": "2026-03-22T00:39:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2026:5168",
"initial_release_date": "2026-03-19T19:18:06+00:00",
"revision_history": [
{
"date": "2026-03-19T19:18:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T19:18:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-22T00:39:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931764"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931771"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772739181"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Acb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773939659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Add567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ace8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ae16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Aa6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ad64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…