RHSA-2026:6912

Vulnerability from csaf_redhat - Published: 2026-04-07 17:36 - Updated: 2026-04-07 21:38
Summary: Red Hat Security Advisory: Red Hat Quay 3.10.20
Severity: Important
Notes
Topic: Red Hat Quay 3.10.20 is now available with bug fixes.
Details: Quay 3.10.20
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the `getRandomBigIntegerZeroToMax` and `getRandomBigIntegerMinToMax` functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Vendor Fix: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2026:6912
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.

CWE-347 - Improper Verification of Cryptographic Signature
Vendor Fix: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2026:6912
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the `KJUR.crypto.DSA.signWithMessageHash` function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.

CWE-325 - Missing Cryptographic Step
Vendor Fix: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2026:6912
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.

CWE-681 - Incorrect Conversion between Numeric Types
Vendor Fix: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2026:6912
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library's internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.

CWE-325 - Missing Cryptographic Step
Vendor Fix: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2026:6912

An unbounded recursion flaw has been discovered in the PyPI pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application.

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Vendor Fix: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2026:6912
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A missing verification step has been discovered in PyJWT. PyJWT does not validate the `crit` (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a `crit` array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.

CWE-347 - Improper Verification of Cryptographic Signature
Vendor Fix: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHSA-2026:6912
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
https://access.redhat.com/errata/RHSA-2026:6912 self
https://access.redhat.com/security/cve/CVE-2026-28498 external
https://access.redhat.com/security/cve/CVE-2026-30922 external
https://access.redhat.com/security/cve/CVE-2026-32597 external
https://access.redhat.com/security/cve/CVE-2026-4599 external
https://access.redhat.com/security/cve/CVE-2026-4600 external
https://access.redhat.com/security/cve/CVE-2026-4601 external
https://access.redhat.com/security/cve/CVE-2026-4602 external
https://access.redhat.com/security/updates/classi… external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-4599 self
https://bugzilla.redhat.com/show_bug.cgi?id=2450207 external
https://www.cve.org/CVERecord?id=CVE-2026-4599 external
https://nvd.nist.gov/vuln/detail/CVE-2026-4599 external
https://gist.github.com/Kr0emer/081681818b51605c9… external
https://github.com/kjur/jsrsasign/commit/ee4b0134… external
https://github.com/kjur/jsrsasign/pull/647 external
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1… external
https://access.redhat.com/security/cve/CVE-2026-4600 self
https://bugzilla.redhat.com/show_bug.cgi?id=2450208 external
https://www.cve.org/CVERecord?id=CVE-2026-4600 external
https://nvd.nist.gov/vuln/detail/CVE-2026-4600 external
https://gist.github.com/Kr0emer/bf15ddc097176e951… external
https://github.com/kjur/jsrsasign/commit/37b4c06b… external
https://github.com/kjur/jsrsasign/pull/646 external
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1… external
https://access.redhat.com/security/cve/CVE-2026-4601 self
https://bugzilla.redhat.com/show_bug.cgi?id=2450209 external
https://www.cve.org/CVERecord?id=CVE-2026-4601 external
https://nvd.nist.gov/vuln/detail/CVE-2026-4601 external
https://gist.github.com/Kr0emer/93789fe6efe5519db… external
https://github.com/kjur/jsrsasign/commit/0710e392… external
https://github.com/kjur/jsrsasign/pull/645 external
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1… external
https://access.redhat.com/security/cve/CVE-2026-4602 self
https://bugzilla.redhat.com/show_bug.cgi?id=2450206 external
https://www.cve.org/CVERecord?id=CVE-2026-4602 external
https://nvd.nist.gov/vuln/detail/CVE-2026-4602 external
https://gist.github.com/Kr0emer/7ecd2be7d17419e46… external
https://github.com/kjur/jsrsasign/commit/5ea1c32b… external
https://github.com/kjur/jsrsasign/pull/650 external
https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-1… external
https://access.redhat.com/security/cve/CVE-2026-28498 self
https://bugzilla.redhat.com/show_bug.cgi?id=2448182 external
https://www.cve.org/CVERecord?id=CVE-2026-28498 external
https://nvd.nist.gov/vuln/detail/CVE-2026-28498 external
https://github.com/authlib/authlib/commit/b9bb2b2… external
https://github.com/authlib/authlib/releases/tag/v1.6.9 external
https://github.com/authlib/authlib/security/advis… external
https://access.redhat.com/security/cve/CVE-2026-30922 self
https://bugzilla.redhat.com/show_bug.cgi?id=2448553 external
https://www.cve.org/CVERecord?id=CVE-2026-30922 external
https://nvd.nist.gov/vuln/detail/CVE-2026-30922 external
https://github.com/pyasn1/pyasn1/commit/25ad481c1… external
https://github.com/pyasn1/pyasn1/security/advisor… external
https://access.redhat.com/security/cve/CVE-2026-32597 self
https://bugzilla.redhat.com/show_bug.cgi?id=2447194 external
https://www.cve.org/CVERecord?id=CVE-2026-32597 external
https://nvd.nist.gov/vuln/detail/CVE-2026-32597 external
https://github.com/jpadilla/pyjwt/security/adviso… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Quay 3.10.20 is now available with bug fixes.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Quay 3.10.20",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:6912",
        "url": "https://access.redhat.com/errata/RHSA-2026:6912"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-28498",
        "url": "https://access.redhat.com/security/cve/CVE-2026-28498"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-30922",
        "url": "https://access.redhat.com/security/cve/CVE-2026-30922"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-32597",
        "url": "https://access.redhat.com/security/cve/CVE-2026-32597"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4599",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4599"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4600",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4600"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4601",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4601"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-4602",
        "url": "https://access.redhat.com/security/cve/CVE-2026-4602"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6912.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Quay 3.10.20",
    "tracking": {
      "current_release_date": "2026-04-07T21:38:24+00:00",
      "generator": {
        "date": "2026-04-07T21:38:24+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2026:6912",
      "initial_release_date": "2026-04-07T17:36:52+00:00",
      "revision_history": [
        {
          "date": "2026-04-07T17:36:52+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-07T17:37:03+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-04-07T21:38:24+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Quay 3.1",
                "product": {
                  "name": "Red Hat Quay 3.1",
                  "product_id": "Red Hat Quay 3.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:quay:3.10::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Quay"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
                  "product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885559"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
                  "product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Af10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885579"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
                  "product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774886143"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
                  "product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885638"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
                  "product_id": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256%3A4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885592"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
                  "product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-bundle@sha256%3Ad562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775173011"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
                  "product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885636"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64",
                "product": {
                  "name": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64",
                  "product_id": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256%3Aeae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169155"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256%3A7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885638"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
                  "product_id": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256%3A982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885592"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256%3A0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885636"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
                "product": {
                  "name": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
                  "product_id": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256%3Aa0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169155"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
                  "product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885638"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
                  "product_id": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/clair-rhel8@sha256%3Af720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885592"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
                  "product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-operator-rhel8@sha256%3A029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774885636"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
                "product": {
                  "name": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
                  "product_id": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/quay-rhel8@sha256%3Abb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775169155"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64 as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64"
        },
        "product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x"
        },
        "product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64 as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64 as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64 as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64 as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64 as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64 as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le"
        },
        "product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x"
        },
        "product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64 as a component of Red Hat Quay 3.1",
          "product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
        },
        "product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64",
        "relates_to_product_reference": "Red Hat Quay 3.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-4599",
      "cwe": {
        "id": "CWE-338",
        "name": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
      },
      "discovery_date": "2026-03-23T06:01:34.008562+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450207"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsrsasign. An attacker can exploit an incomplete comparison vulnerability in the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions. By manipulating incorrect comparison checks, an attacker can bias the Digital Signature Algorithm (DSA) nonces during signature generation. This allows the attacker to recover the private key, leading to a critical security compromise.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4599"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450207",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450207"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4599",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4599"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4599"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20",
          "url": "https://gist.github.com/Kr0emer/081681818b51605c91945126d74b4f20"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1",
          "url": "https://github.com/kjur/jsrsasign/commit/ee4b013478366cb16cea9a4bdfb218b6077f83b1"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/pull/647",
          "url": "https://github.com/kjur/jsrsasign/pull/647"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370939"
        }
      ],
      "release_date": "2026-03-23T05:00:12.522000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-07T17:36:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6912"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces"
    },
    {
      "cve": "CVE-2026-4600",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2026-03-23T06:01:39.334925+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450208"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsrsasign. An attacker can exploit improper verification of cryptographic signatures by supplying malicious domain parameters during the Digital Signature Algorithm (DSA) validation process. This allows the attacker to forge DSA signatures or X.509 certificates, which would then be accepted as legitimate, potentially leading to unauthorized access or data manipulation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "IMPORTANT. The flaw in jsrsasign allows an attacker to forge Digital Signature Algorithm (DSA) signatures or X.509 certificates by providing malicious domain parameters during validation. This could lead to unauthorized access or data manipulation in affected Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, where jsrsasign is utilized for cryptographic signature verification.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4600"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450208",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450208"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4600",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4600"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4600"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7",
          "url": "https://gist.github.com/Kr0emer/bf15ddc097176e951659a24a8e9002a7"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60",
          "url": "https://github.com/kjur/jsrsasign/commit/37b4c06b145c7bfd6bc2a6df5d0a12c56b15ef60"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/pull/646",
          "url": "https://github.com/kjur/jsrsasign/pull/646"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370940"
        }
      ],
      "release_date": "2026-03-23T05:00:08.475000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-07T17:36:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6912"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters"
    },
    {
      "cve": "CVE-2026-4601",
      "cwe": {
        "id": "CWE-325",
        "name": "Missing Cryptographic Step"
      },
      "discovery_date": "2026-03-23T06:01:44.014846+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450209"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsrsasign. An attacker can exploit a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process, specifically within the KJUR.crypto.DSA.signWithMessageHash function. By manipulating the signature generation to force specific values, the library emits an invalid signature without retrying. This vulnerability allows an attacker to recover the private key used for signing.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "IMPORTANT: A flaw in the jsrsasign library allows for private key recovery due to a missing cryptographic step in the Digital Signature Algorithm (DSA) signing process. An attacker can manipulate signature generation within the KJUR.crypto.DSA.signWithMessageHash function to force specific values, enabling the recovery of the private key. This impacts Red Hat products utilizing jsrsasign, such as Migration Toolkit for Virtualization and Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4601"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450209",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450209"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4601",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4601"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4601"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586",
          "url": "https://gist.github.com/Kr0emer/93789fe6efe5519db9692d4ad1dad586"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb",
          "url": "https://github.com/kjur/jsrsasign/commit/0710e392ec35de697ce11e4219c988ba2b5fe0eb"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/pull/645",
          "url": "https://github.com/kjur/jsrsasign/pull/645"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370941"
        }
      ],
      "release_date": "2026-03-23T05:00:13.312000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-07T17:36:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6912"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing"
    },
    {
      "cve": "CVE-2026-4602",
      "cwe": {
        "id": "CWE-681",
        "name": "Incorrect Conversion between Numeric Types"
      },
      "discovery_date": "2026-03-23T06:01:28.729668+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2450206"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsrsasign. A remote attacker can exploit an incorrect conversion between numeric types by providing a negative exponent to the `modPow` function. This vulnerability can force the computation of incorrect modular inverses, which ultimately allows an attacker to bypass signature verification.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is an IMPORTANT flaw. The `jsrsasign` library, as used in Red Hat products such as Migration Toolkit for Virtualization and Red Hat Quay, is vulnerable to a signature verification bypass. A remote attacker could provide a specially crafted negative exponent to the `modPow` function, leading to incorrect modular inverse computations and allowing them to bypass signature verification.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-4602"
        },
        {
          "category": "external",
          "summary": "RHBZ#2450206",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450206"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-4602",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-4602"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4602"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5",
          "url": "https://gist.github.com/Kr0emer/7ecd2be7d17419e4677315ef3758faf5"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195",
          "url": "https://github.com/kjur/jsrsasign/commit/5ea1c32bb2aa894b4bd29849839afe4f98728195"
        },
        {
          "category": "external",
          "summary": "https://github.com/kjur/jsrsasign/pull/650",
          "url": "https://github.com/kjur/jsrsasign/pull/650"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15371175"
        }
      ],
      "release_date": "2026-03-23T05:00:10.567000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-07T17:36:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6912"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling"
    },
    {
      "cve": "CVE-2026-28498",
      "cwe": {
        "id": "CWE-325",
        "name": "Missing Cryptographic Step"
      },
      "discovery_date": "2026-03-16T19:02:00.128339+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448182"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Authlib, a Python library used for building OAuth and OpenID Connect (OIDC) servers. This vulnerability allows a remote attacker to bypass critical integrity checks in OIDC ID Tokens. Specifically, the library's internal hash verification logic fails open when encountering an unsupported cryptographic algorithm, accepting a forged ID Token as valid. This can lead to an authentication bypass, granting unauthorized access to systems relying on Authlib for OIDC authentication.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This IMPORTANT vulnerability in Authlib allows attackers to bypass OIDC ID Token integrity verification. The at_hash and c_hash validation fails open for unknown algorithms, accepting forged tokens as valid. Exploitation requires no authentication or user interaction. Impact is high to confidentiality and integrity. Red Hat products using Authlib for OIDC validation are affected. Fixed in version 1.6.9.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-28498"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448182",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448182"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-28498",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28498"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28498"
        },
        {
          "category": "external",
          "summary": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b",
          "url": "https://github.com/authlib/authlib/commit/b9bb2b25bf8b7e01512d847a95c1749646eaa72b"
        },
        {
          "category": "external",
          "summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
          "url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
        },
        {
          "category": "external",
          "summary": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j",
          "url": "https://github.com/authlib/authlib/security/advisories/GHSA-m344-f55w-2m6j"
        }
      ],
      "release_date": "2026-03-16T18:03:28.821000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-07T17:36:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6912"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens"
    },
    {
      "cve": "CVE-2026-30922",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition ('Infinite Loop')"
      },
      "discovery_date": "2026-03-18T04:02:45.401296+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448553"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE (0x30) or SET (0x31) tags with Indefinite Length (0x80) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a RecursionError or consumes all available memory (OOM), crashing the host application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-30922"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448553",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448553"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-30922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30922"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0",
          "url": "https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0"
        },
        {
          "category": "external",
          "summary": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r",
          "url": "https://github.com/pyasn1/pyasn1/security/advisories/GHSA-jr27-m4p2-rc6r"
        }
      ],
      "release_date": "2026-03-18T02:29:45.857000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-07T17:36:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6912"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion"
    },
    {
      "cve": "CVE-2026-32597",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2026-03-12T22:01:29.967713+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2447194"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 \u00a74.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This violates the MUST requirement in the RFC.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
        ],
        "known_not_affected": [
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
          "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-32597"
        },
        {
          "category": "external",
          "summary": "RHBZ#2447194",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447194"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-32597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32597"
        },
        {
          "category": "external",
          "summary": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f",
          "url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-752w-5fwx-jx9f"
        }
      ],
      "release_date": "2026-03-12T21:41:50.427000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-07T17:36:52+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:6912"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:4dbc2192d14ddc31d6ca95e637852b762e5637e8bcdeff88955ee94c2599f8cd_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:982c6ba6d54fdd28de2c8e272426a2b7543a0a4d07ecc52cf2e42210708a8c60_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:f720639c165ca0ab66ff5065b6239f665de1f9f9dac825ee216c2964cb67d69b_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:f10ae0b327ecd7dc04d10e378d92ad8ed707c74af76570e51a92a4b9b7e2da23_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:08fb4410b8b418429c02957af6b1395159b27429bbd36983b5a42f5650de26a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:7bed37d976e23dc5866cfb97db4ba0da14e3bdfcb0619ffd00890ed2f0a87baa_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c1a33f9ba0d8fb1b7bab9905e4e15d34d13a21b3bfea169a4b306147315148b7_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:c642d449979bc1f96c588a8763fe0e97a39d9a4ed5d093c8a114b46d79fc92d5_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:9222d6512b416186d1d5d0a051f3f873d5835c3942c368cbe79bbc24357ed0a5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:d562451f2b3de78ff747137f3c12f146e89f378608eaeec522a694fd8056fa17_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:029c488d9e828cc1e630ac1ff78f93a84d910d04138c541300cde0006ca2412e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0d1e82d1dd7c3bbcf73e6a04b6f853e50b99ef3557923fa9cbc44ff4bdaf4e95_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:e077bc427559e79bbbf67445a4790b7b0c75a86fc846278f25039df8139079c5_amd64",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b_ppc64le",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:bb4c7f2f2f1d61d8bfcbf5a991d5faf417fb43ae189c3a008b367a3c2567121e_s390x",
            "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:eae5ef47a0c9a80a074dd1e03d60ed54b2d53fe77753ba26cdc62f8d6d44f1f1_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 \u00a74.1.11 MUST violation)"
    }
  ]
}

