Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for golang.org/x/net/idna by golang.org/x/net

    CVE-2026-39821 (GCVE-0-2026-39821)

    Vulnerability from nvd – Published: 2026-05-22 15:01 – Updated: 2026-07-10 12:05
    VLAI
    Title
    Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
    Summary
    The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1289 - Improper Validation of Unsafe Equivalence in Input
    Assigner
    Go
    References
    URL Tags
    https://go.dev/cl/767220
    https://go.dev/issue/78760
    https://groups.google.com/g/golang-announce/c/iI-…
    https://pkg.go.dev/vuln/GO-2026-5026
    https://access.redhat.com/security/cve/CVE-2026-39821 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2480756 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:34789 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36796 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30855 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35827 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35826 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34357 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35830 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35831 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30854 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35828 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35829 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34359 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34342 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36808 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34364 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30651 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26547 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36207 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26546 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36651 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33531 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33524 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23262 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23264 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36648 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36820 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35994 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35993 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33155 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33163 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33173 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33183 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33160 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37387 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36797 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36105 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36167 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30650 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36883 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    golang.org/x/net golang.org/x/net/idna Affected: 0 , < 0.55.0 (semver)
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.22     cpe:/a:redhat:openshift:4.22::el8
        cpe:/a:redhat:openshift:4.22::el9
    Create a notification for this product.
    Red Hat RHEM 1.0 for RHEL 9     cpe:/a:redhat:edge_manager:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Cluster Observability Operator 1.5.0     cpe:/a:redhat:cluster_observability_operator:1.5::el9
    Create a notification for this product.
    Red Hat DevWorkspace Operator 0.42     cpe:/a:redhat:devworkspace:0.42::el9
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift 6.4     cpe:/a:redhat:logging:6.4::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.13     cpe:/a:redhat:acm:2.13::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.10     cpe:/a:redhat:advanced_cluster_security:4.10::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.11     cpe:/a:redhat:advanced_cluster_security:4.11::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.9     cpe:/a:redhat:advanced_cluster_security:4.9::el8
    Create a notification for this product.
    Red Hat Red Hat Edge Manager 1.0     cpe:/a:redhat:edge_manager:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.4     cpe:/a:redhat:enterprise_linux_ai:3.4::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Builds 1.7.4     cpe:/a:redhat:openshift_builds:1.7::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces 3.29     cpe:/a:redhat:openshift_devspaces:3.29::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.19     cpe:/a:redhat:openshift_gitops:1.19::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20     cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 2.6     cpe:/a:redhat:service_mesh:2.6::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.1     cpe:/a:redhat:service_mesh:3.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.2     cpe:/a:redhat:service_mesh:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.3     cpe:/a:redhat:service_mesh:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3.0::el9
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4.22     cpe:/a:redhat:openshift_data_foundation:4.22::el9
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer 1.4     cpe:/a:redhat:trusted_artifact_signer:1.4::el9
    Create a notification for this product.
    Red Hat multicluster engine for Kubernetes 2.6     cpe:/a:redhat:multicluster_engine:2.6::el8
    Create a notification for this product.
    Red Hat multicluster engine for Kubernetes 2.8     cpe:/a:redhat:multicluster_engine:2.8::el9
    Create a notification for this product.
    Red Hat multicluster engine for Kubernetes 2.9     cpe:/a:redhat:multicluster_engine:2.9::el9
    Create a notification for this product.
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Create a notification for this product.
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Create a notification for this product.
    Red Hat Compliance Operator     cpe:/a:redhat:openshift_compliance_operator:1
    Create a notification for this product.
    Red Hat Confidential Compute Attestation     cpe:/a:redhat:confidential_compute_attestation:1
    Create a notification for this product.
    Red Hat Deployment Validation Operator     cpe:/a:redhat:deployment_validator_operator
    Create a notification for this product.
    Red Hat External Secrets Operator for Red Hat OpenShift     cpe:/a:redhat:external_secrets_operator:1
    Create a notification for this product.
    Red Hat Fence Agents Remediation Operator     cpe:/a:redhat:workload_availability_far:0
    Create a notification for this product.
    Red Hat File Integrity Operator     cpe:/a:redhat:openshift_file_integrity_operator:1
    Create a notification for this product.
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Create a notification for this product.
    Red Hat Logical Volume Manager Storage     cpe:/a:redhat:lvms:4
    Create a notification for this product.
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Create a notification for this product.
    Red Hat Migration Toolkit for Containers     cpe:/a:redhat:rhmt:1
    Create a notification for this product.
    Red Hat Multiarch Tuning Operator     cpe:/a:redhat:multiarch_tuning_operator
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Create a notification for this product.
    Red Hat Network Observability Operator     cpe:/a:redhat:network_observ_optr:1
    Create a notification for this product.
    Red Hat Node HealthCheck Operator     cpe:/a:redhat:workload_availability_nhc:0
    Create a notification for this product.
    Red Hat OpenShift API for Data Protection     cpe:/a:redhat:openshift_api_data_protection:1
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Power monitoring for Red Hat OpenShift     cpe:/a:redhat:openshift_power_monitoring
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 5     cpe:/a:redhat:ceph_storage:5
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 6     cpe:/a:redhat:ceph_storage:6
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8     cpe:/a:redhat:ceph_storage:8
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9     cpe:/a:redhat:ceph_storage:9
    Create a notification for this product.
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Create a notification for this product.
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Create a notification for this product.
    Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Create a notification for this product.
    Red Hat Red Hat Lightspeed for Runtimes Operator     cpe:/a:redhat:lightspeed_for_runtimes:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Cluster Manager CLI     cpe:/a:redhat:openshift_cluster_manager_cli:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Create a notification for this product.
    Red Hat Red Hat OpenShift on AWS     cpe:/a:redhat:openshift_service_on_aws:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Web Terminal     cpe:/a:redhat:webterminal:1
    Create a notification for this product.
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Create a notification for this product.
    Red Hat streams for Apache Kafka 3     cpe:/a:redhat:amq_streams:3
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Create a notification for this product.
    Red Hat Cryostat 4     cpe:/a:redhat:cryostat:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 2     cpe:/a:redhat:service_interconnect:2
    Create a notification for this product.
    Credits
    KC1zs4 (https://github.com/KC1zs4)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-39821",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-23T03:55:58.522682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1289",
                    "description": "CWE-1289 Improper Validation of Unsafe Equivalence in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T13:13:15.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.22::el8",
                  "cpe:/a:redhat:openshift:4.22::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.22",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "RHEM 1.0 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cluster_observability_operator:1.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Cluster Observability Operator 1.5.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace:0.42::el9"
                ],
                "defaultStatus": "affected",
                "product": "DevWorkspace Operator 0.42",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:6.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift 6.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.11::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.11",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI 3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1.7::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Builds 1.7.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3.29::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces 3.29",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.19::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps 1.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2.6::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.22",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer 1.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.6::el8"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "affected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_compliance_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Compliance Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:confidential_compute_attestation:1"
                ],
                "defaultStatus": "affected",
                "product": "Confidential Compute Attestation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:deployment_validator_operator"
                ],
                "defaultStatus": "affected",
                "product": "Deployment Validation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_far:0"
                ],
                "defaultStatus": "affected",
                "product": "Fence Agents Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_file_integrity_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "File Integrity Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "affected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "affected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "affected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhmt:1"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multiarch_tuning_operator"
                ],
                "defaultStatus": "affected",
                "product": "Multiarch Tuning Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "Network Observability Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_nhc:0"
                ],
                "defaultStatus": "affected",
                "product": "Node HealthCheck Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ocp_tools"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Developer Tools and Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_power_monitoring"
                ],
                "defaultStatus": "affected",
                "product": "Power monitoring for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:5"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:certifications:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:connectivity_link:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Connectivity Link 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lightspeed_for_runtimes:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Lightspeed for Runtimes Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_cluster_manager_cli:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Cluster Manager CLI",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_service_on_aws:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift on AWS",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_streams:3"
                ],
                "defaultStatus": "affected",
                "product": "streams for Apache Kafka 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Cryostat 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-22T15:01:21.462Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1289",
                    "description": "Improper Validation of Unsafe Equivalence in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:36.478Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-39821"
              },
              {
                "name": "RHBZ#2480756",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34789"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36796"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30855"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35827"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35826"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34357"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35830"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35831"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30854"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35828"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35829"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34359"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34342"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36808"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34364"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30651"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26547"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36207"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26546"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36651"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33531"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33524"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23262"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23264"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36648"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36820"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35994"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35993"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33155"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33163"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33173"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33183"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33160"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37387"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36797"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36105"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36167"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30650"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36883"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:34789: Red Hat OpenShift Container Platform 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30855: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35827: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35826: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30853: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35830: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35831: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30854: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35828: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35829: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36808: DevWorkspace Operator 0.42"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26547: Red Hat Advanced Cluster Security for Kubernetes 4.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26546: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36651: Red Hat Edge Manager 1.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33531: Red Hat Enterprise Linux AI 3.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33524: Red Hat Enterprise Linux AI 3.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23262: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23264: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35994: Red Hat OpenShift GitOps 1.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35993: Red Hat OpenShift GitOps 1.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37387: Red Hat Openshift Data Foundation 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36797: Red Hat Trusted Artifact Signer 1.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36105: multicluster engine for Kubernetes 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36167: multicluster engine for Kubernetes 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36883: multicluster engine for Kubernetes 2.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-22T16:00:52.844Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-22T15:01:21.462Z",
                "value": "Made public."
              }
            ],
            "title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
            "workarounds": [
              {
                "lang": "en",
                "value": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "golang.org/x/net/idna",
              "product": "golang.org/x/net/idna",
              "programRoutines": [
                {
                  "name": "Profile.process"
                },
                {
                  "name": "Profile.ToASCII"
                },
                {
                  "name": "Profile.ToUnicode"
                },
                {
                  "name": "ToASCII"
                },
                {
                  "name": "ToUnicode"
                }
              ],
              "vendor": "golang.org/x/net",
              "versions": [
                {
                  "lessThan": "0.55.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "KC1zs4 (https://github.com/KC1zs4)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-1289: Improper Validation of Unsafe Equivalence in Input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T15:01:21.462Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/767220"
            },
            {
              "url": "https://go.dev/issue/78760"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-5026"
            }
          ],
          "title": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-39821",
        "datePublished": "2026-05-22T15:01:21.462Z",
        "dateReserved": "2026-04-07T18:13:03.526Z",
        "dateUpdated": "2026-07-10T12:05:36.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-39821 (GCVE-0-2026-39821)

    Vulnerability from cvelistv5 – Published: 2026-05-22 15:01 – Updated: 2026-07-10 12:05
    VLAI
    Title
    Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
    Summary
    The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1289 - Improper Validation of Unsafe Equivalence in Input
    Assigner
    Go
    References
    URL Tags
    https://go.dev/cl/767220
    https://go.dev/issue/78760
    https://groups.google.com/g/golang-announce/c/iI-…
    https://pkg.go.dev/vuln/GO-2026-5026
    https://access.redhat.com/security/cve/CVE-2026-39821 vdb-entryx_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2480756 issue-trackingx_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:34789 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36796 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30855 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35827 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35826 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34357 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30853 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35830 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35831 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30854 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35828 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35829 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34359 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34342 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36808 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:34364 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30651 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26547 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36207 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:26546 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36651 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33531 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33524 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23262 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23264 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36648 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36820 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35994 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:35993 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33155 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33163 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33173 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33183 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33160 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:37387 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36797 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36105 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36167 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:30650 vendor-advisoryx_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:36883 vendor-advisoryx_refsource_REDHAT
    Impacted products
    Vendor Product Version
    golang.org/x/net golang.org/x/net/idna Affected: 0 , < 0.55.0 (semver)
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4.22     cpe:/a:redhat:openshift:4.22::el8
        cpe:/a:redhat:openshift:4.22::el9
    Create a notification for this product.
    Red Hat RHEM 1.0 for RHEL 9     cpe:/a:redhat:edge_manager:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 10)     cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 8)     cpe:/a:redhat:enterprise_linux:8::appstream
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AppStream (v. 9)     cpe:/a:redhat:enterprise_linux:9::appstream
    Create a notification for this product.
    Red Hat Cluster Observability Operator 1.5.0     cpe:/a:redhat:cluster_observability_operator:1.5::el9
    Create a notification for this product.
    Red Hat DevWorkspace Operator 0.42     cpe:/a:redhat:devworkspace:0.42::el9
    Create a notification for this product.
    Red Hat Logging Subsystem for Red Hat OpenShift 6.4     cpe:/a:redhat:logging:6.4::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2.13     cpe:/a:redhat:acm:2.13::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.10     cpe:/a:redhat:advanced_cluster_security:4.10::el8
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.11     cpe:/a:redhat:advanced_cluster_security:4.11::el9
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Security for Kubernetes 4.9     cpe:/a:redhat:advanced_cluster_security:4.9::el8
    Create a notification for this product.
    Red Hat Red Hat Edge Manager 1.0     cpe:/a:redhat:edge_manager:1.0::el9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI 3.4     cpe:/a:redhat:enterprise_linux_ai:3.4::el9
    Create a notification for this product.
    Red Hat Red Hat Hardened Images     cpe:/a:redhat:hummingbird:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Builds 1.7.4     cpe:/a:redhat:openshift_builds:1.7::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Dev Spaces 3.29     cpe:/a:redhat:openshift_devspaces:3.29::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.19     cpe:/a:redhat:openshift_gitops:1.19::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift GitOps 1.20     cpe:/a:redhat:openshift_gitops:1.20::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 2.6     cpe:/a:redhat:service_mesh:2.6::el8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.1     cpe:/a:redhat:service_mesh:3.1::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.2     cpe:/a:redhat:service_mesh:3.2::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3.3     cpe:/a:redhat:service_mesh:3.3::el9
    Create a notification for this product.
    Red Hat Red Hat OpenShift Service Mesh 3     cpe:/a:redhat:service_mesh:3.0::el9
    Create a notification for this product.
    Red Hat Red Hat Openshift Data Foundation 4.22     cpe:/a:redhat:openshift_data_foundation:4.22::el9
    Create a notification for this product.
    Red Hat Red Hat Trusted Artifact Signer 1.4     cpe:/a:redhat:trusted_artifact_signer:1.4::el9
    Create a notification for this product.
    Red Hat multicluster engine for Kubernetes 2.6     cpe:/a:redhat:multicluster_engine:2.6::el8
    Create a notification for this product.
    Red Hat multicluster engine for Kubernetes 2.8     cpe:/a:redhat:multicluster_engine:2.8::el9
    Create a notification for this product.
    Red Hat multicluster engine for Kubernetes 2.9     cpe:/a:redhat:multicluster_engine:2.9::el9
    Create a notification for this product.
    Red Hat Assisted Installer for Red Hat OpenShift Container Platform 2     cpe:/a:redhat:assisted_installer:2
    Create a notification for this product.
    Red Hat cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Create a notification for this product.
    Red Hat Compliance Operator     cpe:/a:redhat:openshift_compliance_operator:1
    Create a notification for this product.
    Red Hat Confidential Compute Attestation     cpe:/a:redhat:confidential_compute_attestation:1
    Create a notification for this product.
    Red Hat Deployment Validation Operator     cpe:/a:redhat:deployment_validator_operator
    Create a notification for this product.
    Red Hat External Secrets Operator for Red Hat OpenShift     cpe:/a:redhat:external_secrets_operator:1
    Create a notification for this product.
    Red Hat Fence Agents Remediation Operator     cpe:/a:redhat:workload_availability_far:0
    Create a notification for this product.
    Red Hat File Integrity Operator     cpe:/a:redhat:openshift_file_integrity_operator:1
    Create a notification for this product.
    Red Hat Gatekeeper 3     cpe:/a:redhat:gatekeeper:3
    Create a notification for this product.
    Red Hat Logical Volume Manager Storage     cpe:/a:redhat:lvms:4
    Create a notification for this product.
    Red Hat Machine Deletion Remediation Operator     cpe:/a:redhat:workload_availability_mdr:0
    Create a notification for this product.
    Red Hat Migration Toolkit for Applications 8     cpe:/a:redhat:migration_toolkit_applications:8
    Create a notification for this product.
    Red Hat Migration Toolkit for Containers     cpe:/a:redhat:rhmt:1
    Create a notification for this product.
    Red Hat Multiarch Tuning Operator     cpe:/a:redhat:multiarch_tuning_operator
    Create a notification for this product.
    Red Hat Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Create a notification for this product.
    Red Hat Multicluster Global Hub     cpe:/a:redhat:multicluster_globalhub
    Create a notification for this product.
    Red Hat Network Observability Operator     cpe:/a:redhat:network_observ_optr:1
    Create a notification for this product.
    Red Hat Node HealthCheck Operator     cpe:/a:redhat:workload_availability_nhc:0
    Create a notification for this product.
    Red Hat OpenShift API for Data Protection     cpe:/a:redhat:openshift_api_data_protection:1
    Create a notification for this product.
    Red Hat OpenShift Developer Tools and Services     cpe:/a:redhat:ocp_tools
    Create a notification for this product.
    Red Hat OpenShift Lightspeed     cpe:/a:redhat:openshift_lightspeed
    Create a notification for this product.
    Red Hat OpenShift Pipelines     cpe:/a:redhat:openshift_pipelines:1
    Create a notification for this product.
    Red Hat OpenShift Serverless     cpe:/a:redhat:serverless:1
    Create a notification for this product.
    Red Hat Power monitoring for Red Hat OpenShift     cpe:/a:redhat:openshift_power_monitoring
    Create a notification for this product.
    Red Hat Red Hat 3scale API Management Platform 2     cpe:/a:redhat:red_hat_3scale_amp:2
    Create a notification for this product.
    Red Hat Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Create a notification for this product.
    Red Hat Red Hat Ansible Automation Platform 2     cpe:/a:redhat:ansible_automation_platform:2
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 5     cpe:/a:redhat:ceph_storage:5
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 6     cpe:/a:redhat:ceph_storage:6
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 8     cpe:/a:redhat:ceph_storage:8
    Create a notification for this product.
    Red Hat Red Hat Ceph Storage 9     cpe:/a:redhat:ceph_storage:9
    Create a notification for this product.
    Red Hat Red Hat Certification Program for Red Hat Enterprise Linux 9     cpe:/a:redhat:certifications:9
    Create a notification for this product.
    Red Hat Red Hat Connectivity Link 1     cpe:/a:redhat:connectivity_link:1
    Create a notification for this product.
    Red Hat Red Hat Developer Hub     cpe:/a:redhat:rhdh:1
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10     cpe:/o:redhat:enterprise_linux:10
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux AI (RHEL AI) 3     cpe:/a:redhat:enterprise_linux_ai:3
    Create a notification for this product.
    Red Hat Red Hat Lightspeed for Runtimes Operator     cpe:/a:redhat:lightspeed_for_runtimes:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift AI (RHOAI)     cpe:/a:redhat:openshift_ai
    Create a notification for this product.
    Red Hat Red Hat OpenShift Cluster Manager CLI     cpe:/a:redhat:openshift_cluster_manager_cli:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Red Hat Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Create a notification for this product.
    Red Hat Red Hat OpenShift on AWS     cpe:/a:redhat:openshift_service_on_aws:1
    Create a notification for this product.
    Red Hat Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 16.2     cpe:/a:redhat:openstack:16.2
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 17.1     cpe:/a:redhat:openstack:17.1
    Create a notification for this product.
    Red Hat Red Hat Quay 3     cpe:/a:redhat:quay:3
    Create a notification for this product.
    Red Hat Red Hat Satellite 6     cpe:/a:redhat:satellite:6
    Create a notification for this product.
    Red Hat Red Hat Web Terminal     cpe:/a:redhat:webterminal:1
    Create a notification for this product.
    Red Hat Security Profiles Operator     cpe:/a:redhat:openshift_security_profiles_operator:1
    Create a notification for this product.
    Red Hat streams for Apache Kafka 3     cpe:/a:redhat:amq_streams:3
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1
    Create a notification for this product.
    Red Hat Zero Trust Workload Identity Manager - Tech Preview     cpe:/a:redhat:zero_trust_workload_identity_manager:0
    Create a notification for this product.
    Red Hat Cryostat 4     cpe:/a:redhat:cryostat:4
    Create a notification for this product.
    Red Hat Red Hat OpenStack Platform 18.0     cpe:/a:redhat:openstack:18.0
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 1     cpe:/a:redhat:service_interconnect:1
    Create a notification for this product.
    Red Hat Red Hat Service Interconnect 2     cpe:/a:redhat:service_interconnect:2
    Create a notification for this product.
    Credits
    KC1zs4 (https://github.com/KC1zs4)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-39821",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-23T03:55:58.522682Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1289",
                    "description": "CWE-1289 Improper Validation of Unsafe Equivalence in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-27T13:13:15.606Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.22::el8",
                  "cpe:/a:redhat:openshift:4.22::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.22",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "RHEM 1.0 for RHEL 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 10)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:8::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 8)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9::appstream"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AppStream (v. 9)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cluster_observability_operator:1.5::el9"
                ],
                "defaultStatus": "affected",
                "product": "Cluster Observability Operator 1.5.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:devworkspace:0.42::el9"
                ],
                "defaultStatus": "affected",
                "product": "DevWorkspace Operator 0.42",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:logging:6.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Logging Subsystem for Red Hat OpenShift 6.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.11::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.11",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI 3.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:hummingbird:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Hardened Images",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_builds:1.7::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Builds 1.7.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_devspaces:3.29::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Dev Spaces 3.29",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.19::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps 1.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps 1.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:2.6::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.1::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.2::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.3::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3.3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_mesh:3.0::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Service Mesh 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4.22::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Openshift Data Foundation 4.22",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Trusted Artifact Signer 1.4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.6::el8"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.9::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:assisted_installer:2"
                ],
                "defaultStatus": "affected",
                "product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_compliance_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Compliance Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:confidential_compute_attestation:1"
                ],
                "defaultStatus": "affected",
                "product": "Confidential Compute Attestation",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:deployment_validator_operator"
                ],
                "defaultStatus": "affected",
                "product": "Deployment Validation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_far:0"
                ],
                "defaultStatus": "affected",
                "product": "Fence Agents Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_file_integrity_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "File Integrity Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:gatekeeper:3"
                ],
                "defaultStatus": "affected",
                "product": "Gatekeeper 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "affected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_mdr:0"
                ],
                "defaultStatus": "affected",
                "product": "Machine Deletion Remediation Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:migration_toolkit_applications:8"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Applications 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhmt:1"
                ],
                "defaultStatus": "affected",
                "product": "Migration Toolkit for Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multiarch_tuning_operator"
                ],
                "defaultStatus": "affected",
                "product": "Multiarch Tuning Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_globalhub"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Global Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:network_observ_optr:1"
                ],
                "defaultStatus": "affected",
                "product": "Network Observability Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:workload_availability_nhc:0"
                ],
                "defaultStatus": "affected",
                "product": "Node HealthCheck Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_api_data_protection:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift API for Data Protection",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ocp_tools"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Developer Tools and Services",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_lightspeed"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Lightspeed",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_pipelines:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Pipelines",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:serverless:1"
                ],
                "defaultStatus": "affected",
                "product": "OpenShift Serverless",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_power_monitoring"
                ],
                "defaultStatus": "affected",
                "product": "Power monitoring for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:red_hat_3scale_amp:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat 3scale API Management Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ansible_automation_platform:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ansible Automation Platform 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:5"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 5",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:ceph_storage:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Ceph Storage 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:certifications:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:connectivity_link:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Connectivity Link 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:rhdh:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Developer Hub",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux_ai:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lightspeed_for_runtimes:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Lightspeed for Runtimes Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_ai"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift AI (RHOAI)",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_cluster_manager_cli:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Cluster Manager CLI",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_service_on_aws:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift on AWS",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:16.2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 16.2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:17.1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenStack Platform 17.1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:quay:3"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Quay 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:satellite:6"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Satellite 6",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:webterminal:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Web Terminal",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_security_profiles_operator:1"
                ],
                "defaultStatus": "affected",
                "product": "Security Profiles Operator",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:amq_streams:3"
                ],
                "defaultStatus": "affected",
                "product": "streams for Apache Kafka 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:0"
                ],
                "defaultStatus": "affected",
                "product": "Zero Trust Workload Identity Manager - Tech Preview",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cryostat:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Cryostat 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openstack:18.0"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenStack Platform 18.0",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:service_interconnect:2"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Service Interconnect 2",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-22T15:01:21.462Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.2,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-1289",
                    "description": "Improper Validation of Unsafe Equivalence in Input",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-10T12:05:36.478Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-39821"
              },
              {
                "name": "RHBZ#2480756",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34789"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36796"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30855"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35827"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35826"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34357"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30853"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35830"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35831"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30854"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35828"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35829"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34359"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34342"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36808"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:34364"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30651"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26547"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36207"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:26546"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36651"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33531"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33524"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23262"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23264"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36648"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36820"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35994"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:35993"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33155"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33163"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33173"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33183"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33160"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:37387"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36797"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36105"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36167"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:30650"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:36883"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:34789: Red Hat OpenShift Container Platform 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30855: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35827: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35826: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30853: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35830: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35831: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30854: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35828: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35829: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 9)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36808: DevWorkspace Operator 0.42"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26547: Red Hat Advanced Cluster Security for Kubernetes 4.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:26546: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36651: Red Hat Edge Manager 1.0"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33531: Red Hat Enterprise Linux AI 3.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33524: Red Hat Enterprise Linux AI 3.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23262: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23264: Red Hat Hardened Images"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35994: Red Hat OpenShift GitOps 1.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:35993: Red Hat OpenShift GitOps 1.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:37387: Red Hat Openshift Data Foundation 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36797: Red Hat Trusted Artifact Signer 1.4"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36105: multicluster engine for Kubernetes 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36167: multicluster engine for Kubernetes 2.6"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:36883: multicluster engine for Kubernetes 2.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-22T16:00:52.844Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-22T15:01:21.462Z",
                "value": "Made public."
              }
            ],
            "title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
            "workarounds": [
              {
                "lang": "en",
                "value": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://pkg.go.dev",
              "defaultStatus": "unaffected",
              "packageName": "golang.org/x/net/idna",
              "product": "golang.org/x/net/idna",
              "programRoutines": [
                {
                  "name": "Profile.process"
                },
                {
                  "name": "Profile.ToASCII"
                },
                {
                  "name": "Profile.ToUnicode"
                },
                {
                  "name": "ToASCII"
                },
                {
                  "name": "ToUnicode"
                }
              ],
              "vendor": "golang.org/x/net",
              "versions": [
                {
                  "lessThan": "0.55.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "KC1zs4 (https://github.com/KC1zs4)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-1289: Improper Validation of Unsafe Equivalence in Input",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T15:01:21.462Z",
            "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
            "shortName": "Go"
          },
          "references": [
            {
              "url": "https://go.dev/cl/767220"
            },
            {
              "url": "https://go.dev/issue/78760"
            },
            {
              "url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
            },
            {
              "url": "https://pkg.go.dev/vuln/GO-2026-5026"
            }
          ],
          "title": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "assignerShortName": "Go",
        "cveId": "CVE-2026-39821",
        "datePublished": "2026-05-22T15:01:21.462Z",
        "dateReserved": "2026-04-07T18:13:03.526Z",
        "dateUpdated": "2026-07-10T12:05:36.478Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }