Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Red Hat Developer Hub 1.9 by Red Hat

    CVE-2026-3118 (GCVE-0-2026-3118)

    Vulnerability from nvd – Published: 2026-02-25 11:25 – Updated: 2026-05-05 20:37
    VLAI
    Title
    Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin
    Summary
    A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:13826 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9742 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-3118 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2442273 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Developer Hub 1.8 Unaffected: 1776784286 , < * (rpm)
        cpe:/a:redhat:rhdh:1.8::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.9 Unaffected: 1777903262 , < * (rpm)
        cpe:/a:redhat:rhdh:1.9::el9
    Create a notification for this product.
    Date Public
    2026-02-24 00:00
    Credits
    Red Hat would like to thank Thibault Guittet for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3118",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T16:28:17.442215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:29:48.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhdh/rhdh-hub-rhel9",
              "product": "Red Hat Developer Hub 1.8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1776784286",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhdh/rhdh-hub-rhel9",
              "product": "Red Hat Developer Hub 1.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1777903262",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Thibault Guittet for reporting this issue."
            }
          ],
          "datePublic": "2026-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-05T20:37:00.910Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:13826",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:13826"
            },
            {
              "name": "RHSA-2026:9742",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:9742"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-3118"
            },
            {
              "name": "RHBZ#2442273",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442273"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-24T12:08:42.955Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-02-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, restrict network access to the Red Hat Developer Hub instance to trusted users and networks only. This limits the exposure of the vulnerable Orchestrator Plugin to unauthorized access."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-3118",
        "datePublished": "2026-02-25T11:25:55.016Z",
        "dateReserved": "2026-02-24T12:08:32.734Z",
        "dateUpdated": "2026-05-05T20:37:00.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13033 (GCVE-0-2025-13033)

    Vulnerability from nvd – Published: 2025-11-14 19:37 – Updated: 2026-05-11 11:26
    VLAI
    Title
    Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict
    Summary
    A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1286 - Improper Validation of Syntactic Correctness of Input
    Assigner
    Impacted products
    Vendor Product Version
    nodemailer nodemailer Affected: 0 , < 7.0.7 (semver)
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8.1 Unaffected: 1777566546 , < * (rpm)
        cpe:/a:redhat:ceph_storage:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.9 Unaffected: 1772573159 , < * (rpm)
        cpe:/a:redhat:rhdh:1.9::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Date Public
    2025-10-07 13:42
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T20:00:22.140079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T20:00:51.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/nodemailer/nodemailer",
              "defaultStatus": "unaffected",
              "packageName": "nodemailer",
              "product": "nodemailer",
              "vendor": "nodemailer",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhceph/grafana-rhel9",
              "product": "Red Hat Ceph Storage 8.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1777566546",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhdh/rhdh-hub-rhel9",
              "product": "Red Hat Developer Hub 1.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1772573159",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:acm:2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhacm2/acm-grafana-rhel9",
              "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-10-07T13:42:02.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1286",
                  "description": "Improper Validation of Syntactic Correctness of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T11:26:36.924Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:15979",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:15979"
            },
            {
              "name": "RHSA-2026:3751",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3751"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-13033"
            },
            {
              "name": "RHBZ#2402179",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402179"
            },
            {
              "url": "https://github.com/nodemailer/nodemailer"
            },
            {
              "url": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626"
            },
            {
              "url": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-07T15:03:14.483Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-10-07T13:42:02.000Z",
              "value": "Made public."
            }
          ],
          "title": "Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently there\u0027s no available mitigation for this flaw."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1286: Improper Validation of Syntactic Correctness of Input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-13033",
        "datePublished": "2025-11-14T19:37:08.224Z",
        "dateReserved": "2025-11-11T16:15:03.749Z",
        "dateUpdated": "2026-05-11T11:26:36.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-3118 (GCVE-0-2026-3118)

    Vulnerability from cvelistv5 – Published: 2026-02-25 11:25 – Updated: 2026-05-05 20:37
    VLAI
    Title
    Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin
    Summary
    A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    URL Tags
    https://access.redhat.com/errata/RHSA-2026:13826 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:9742 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/security/cve/CVE-2026-3118 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2442273 issue-trackingx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    Red Hat Red Hat Developer Hub 1.8 Unaffected: 1776784286 , < * (rpm)
        cpe:/a:redhat:rhdh:1.8::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.9 Unaffected: 1777903262 , < * (rpm)
        cpe:/a:redhat:rhdh:1.9::el9
    Create a notification for this product.
    Date Public
    2026-02-24 00:00
    Credits
    Red Hat would like to thank Thibault Guittet for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-3118",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T16:28:17.442215Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:29:48.062Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1.8::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhdh/rhdh-hub-rhel9",
              "product": "Red Hat Developer Hub 1.8",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1776784286",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhdh/rhdh-hub-rhel9",
              "product": "Red Hat Developer Hub 1.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1777903262",
                  "versionType": "rpm"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Red Hat would like to thank Thibault Guittet for reporting this issue."
            }
          ],
          "datePublic": "2026-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user can inject specially crafted input into API requests, which disrupts backend query processing. This results in the entire Backstage application crashing and restarting, leading to a platform-wide Denial of Service (DoS). As a result, legitimate users temporarily lose access to the platform."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-05T20:37:00.910Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:13826",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:13826"
            },
            {
              "name": "RHSA-2026:9742",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:9742"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2026-3118"
            },
            {
              "name": "RHBZ#2442273",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442273"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-02-24T12:08:42.955Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2026-02-24T00:00:00.000Z",
              "value": "Made public."
            }
          ],
          "title": "Rhdh: graphql injection leading to platform-wide denial of service (dos) in rh developer hub orchestrator plugin",
          "workarounds": [
            {
              "lang": "en",
              "value": "To mitigate this issue, restrict network access to the Red Hat Developer Hub instance to trusted users and networks only. This limits the exposure of the vulnerable Orchestrator Plugin to unauthorized access."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2026-3118",
        "datePublished": "2026-02-25T11:25:55.016Z",
        "dateReserved": "2026-02-24T12:08:32.734Z",
        "dateUpdated": "2026-05-05T20:37:00.910Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-13033 (GCVE-0-2025-13033)

    Vulnerability from cvelistv5 – Published: 2025-11-14 19:37 – Updated: 2026-05-11 11:26
    VLAI
    Title
    Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict
    Summary
    A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1286 - Improper Validation of Syntactic Correctness of Input
    Assigner
    Impacted products
    Vendor Product Version
    nodemailer nodemailer Affected: 0 , < 7.0.7 (semver)
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8.1 Unaffected: 1777566546 , < * (rpm)
        cpe:/a:redhat:ceph_storage:8.1::el9
    Create a notification for this product.
    Red Hat Red Hat Developer Hub 1.9 Unaffected: 1772573159 , < * (rpm)
        cpe:/a:redhat:rhdh:1.9::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Date Public
    2025-10-07 13:42
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-13033",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-14T20:00:22.140079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-14T20:00:51.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://github.com/nodemailer/nodemailer",
              "defaultStatus": "unaffected",
              "packageName": "nodemailer",
              "product": "nodemailer",
              "vendor": "nodemailer",
              "versions": [
                {
                  "lessThan": "7.0.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:ceph_storage:8.1::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhceph/grafana-rhel9",
              "product": "Red Hat Ceph Storage 8.1",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1777566546",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://catalog.redhat.com/software/containers/",
              "cpes": [
                "cpe:/a:redhat:rhdh:1.9::el9"
              ],
              "defaultStatus": "affected",
              "packageName": "rhdh/rhdh-hub-rhel9",
              "product": "Red Hat Developer Hub 1.9",
              "vendor": "Red Hat",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "unaffected",
                  "version": "1772573159",
                  "versionType": "rpm"
                }
              ]
            },
            {
              "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
              "cpes": [
                "cpe:/a:redhat:acm:2"
              ],
              "defaultStatus": "affected",
              "packageName": "rhacm2/acm-grafana-rhel9",
              "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
              "vendor": "Red Hat"
            }
          ],
          "datePublic": "2025-10-07T13:42:02.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "namespace": "https://access.redhat.com/security/updates/classification/",
                  "value": "Moderate"
                },
                "type": "Red Hat severity rating"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1286",
                  "description": "Improper Validation of Syntactic Correctness of Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T11:26:36.924Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2026:15979",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:15979"
            },
            {
              "name": "RHSA-2026:3751",
              "tags": [
                "vendor-advisory",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2026:3751"
            },
            {
              "tags": [
                "vdb-entry",
                "x_refsource_REDHAT"
              ],
              "url": "https://access.redhat.com/security/cve/CVE-2025-13033"
            },
            {
              "name": "RHBZ#2402179",
              "tags": [
                "issue-tracking",
                "x_refsource_REDHAT"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402179"
            },
            {
              "url": "https://github.com/nodemailer/nodemailer"
            },
            {
              "url": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626"
            },
            {
              "url": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-10-07T15:03:14.483Z",
              "value": "Reported to Red Hat."
            },
            {
              "lang": "en",
              "time": "2025-10-07T13:42:02.000Z",
              "value": "Made public."
            }
          ],
          "title": "Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict",
          "workarounds": [
            {
              "lang": "en",
              "value": "Currently there\u0027s no available mitigation for this flaw."
            }
          ],
          "x_generator": {
            "engine": "cvelib 1.8.0"
          },
          "x_redhatCweChain": "CWE-1286: Improper Validation of Syntactic Correctness of Input"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2025-13033",
        "datePublished": "2025-11-14T19:37:08.224Z",
        "dateReserved": "2025-11-11T16:15:03.749Z",
        "dateUpdated": "2026-05-11T11:26:36.924Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }