    2 vulnerabilities found for spdystream by moby

    CVE-2026-35469 (GCVE-0-2026-35469)

    Vulnerability from nvd – Published: 2026-04-16 21:19 – Updated: 2026-06-30 12:05
    Title
    SpdyStream: DOS on CRI
    Summary
    spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes — all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1.
    SSVC
    Exploitation: none; Automatable: yes; Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL Tags
    https://github.com/moby/spdystream/security/advis… x_refsource_CONFIRM
    https://github.com/moby/spdystream/releases/tag/v0.5.1 x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-35469 vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2457729 issue-tracking, x_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v… x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:17704 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13829 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11070 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11217 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13791 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33078 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33071 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27914 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27983 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27903 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27941 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21697 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21692 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25009 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23235 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20089 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25046 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17599 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17598 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17449 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:12118 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21658 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25201 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20042 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27004 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20041 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25194 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17469 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27063 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17468 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29801 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25187 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17475 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20034 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29835 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25207 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27010 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19099 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19108 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17121 vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17123 vendor-advisory, x_refsource_REDHAT
    Impacted products
    Vendor | Product | Version / CPE
    moby | spdystream | Affected: < 0.5.1
    Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.13 | cpe:/a:redhat:acm:2.13::el9
    Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.10 | cpe:/a:redhat:advanced_cluster_security:4.10::el8
    Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.8 | cpe:/a:redhat:advanced_cluster_security:4.8::el8
    Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.9 | cpe:/a:redhat:advanced_cluster_security:4.9::el8
    Red Hat | Red Hat Container Native Virtualization 4.16 | cpe:/a:redhat:container_native_virtualization:4.16::el9
    Red Hat | Red Hat Container Native Virtualization 4.17 | cpe:/a:redhat:container_native_virtualization:4.17::el9
    Red Hat | Red Hat Container Native Virtualization 4.19 | cpe:/a:redhat:container_native_virtualization:4.19::el9
    Red Hat | Red Hat Container Native Virtualization 4.20 | cpe:/a:redhat:container_native_virtualization:4.20::el9
    Red Hat | Red Hat Container Native Virtualization 4.21 | cpe:/a:redhat:container_native_virtualization:4.21::el9
    Red Hat | Red Hat Container Native Virtualization 4.22 | cpe:/a:redhat:container_native_virtualization:4.22::el9
    Red Hat | Red Hat OpenShift Container Platform 4.12 | cpe:/a:redhat:openshift:4.12::el9
    Red Hat | Red Hat OpenShift Container Platform 4.13 | cpe:/a:redhat:openshift:4.13::el9
    Red Hat | Red Hat OpenShift Container Platform 4.14 | cpe:/a:redhat:openshift:4.14::el9
    Red Hat | Red Hat OpenShift Container Platform 4.15 | cpe:/a:redhat:openshift:4.15::el9
    Red Hat | Red Hat OpenShift Container Platform 4.16 | cpe:/a:redhat:openshift:4.16::el9
    Red Hat | Red Hat OpenShift Container Platform 4.17 | cpe:/a:redhat:openshift:4.17::el9
    Red Hat | Red Hat OpenShift Container Platform 4.18 | cpe:/a:redhat:openshift:4.18::el9
    Red Hat | Red Hat OpenShift Container Platform 4.19 | cpe:/a:redhat:openshift:4.19::el9
    Red Hat | Red Hat OpenShift Container Platform 4.20 | cpe:/a:redhat:openshift:4.20::el9
    Red Hat | Red Hat OpenShift Container Platform 4.21 | cpe:/a:redhat:openshift:4.21::el9
    Red Hat | Red Hat OpenShift Container Platform 4.22 | cpe:/a:redhat:openshift:4.22::el9
    Red Hat | multicluster engine for Kubernetes 2.10 | cpe:/a:redhat:multicluster_engine:2.10::el9
    Red Hat | multicluster engine for Kubernetes 2.11 | cpe:/a:redhat:multicluster_engine:2.11::el9
    Red Hat | multicluster engine for Kubernetes 2.8 | cpe:/a:redhat:multicluster_engine:2.8::el9
    Red Hat | cert-manager Operator for Red Hat OpenShift | cpe:/a:redhat:cert_manager:1
    Red Hat | Dynamic Accelerator Slicer Operator for Red Hat OpenShift | cpe:/a:redhat:dynamic_accelerator_slicer:1
    Red Hat | Multicluster Engine for Kubernetes | cpe:/a:redhat:multicluster_engine
    Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 | cpe:/a:redhat:acm:2
    Red Hat | Red Hat Edge Manager 1 | cpe:/a:redhat:edge_manager:1
    Red Hat | Red Hat OpenShift Container Platform 4 | cpe:/a:redhat:openshift:4
    Red Hat | Red Hat OpenShift for Windows Containers | cpe:/a:redhat:windows_machine_config
    Red Hat | Red Hat OpenShift GitOps | cpe:/a:redhat:openshift_gitops:1
    Red Hat | Red Hat OpenShift Virtualization 4 | cpe:/a:redhat:container_native_virtualization:4
    Red Hat | External Secrets Operator for Red Hat OpenShift | cpe:/a:redhat:external_secrets_operator:1
    Red Hat | Logical Volume Manager Storage | cpe:/a:redhat:lvms:4
    Red Hat | Red Hat Advanced Cluster Security 4 | cpe:/a:redhat:advanced_cluster_security:4
    Red Hat | Red Hat Openshift Data Foundation 4 | cpe:/a:redhat:openshift_data_foundation:4
    Red Hat | Red Hat OpenShift distributed tracing 3 | cpe:/a:redhat:openshift_distributed_tracing:3
    Red Hat | Zero Trust Workload Identity Manager | cpe:/a:redhat:zero_trust_workload_identity_manager:1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T12:37:18.505269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T12:37:27.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.22::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.22",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.22::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.22",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.10::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.11::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.11",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:dynamic_accelerator_slicer:1"
                ],
                "defaultStatus": "affected",
                "product": "Dynamic Accelerator Slicer Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "unaffected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift distributed tracing 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-13T23:59:59.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Service (DoS) by causing the affected components to become unresponsive."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:05:58.784Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-35469"
              },
              {
                "name": "RHBZ#2457729",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457729"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35469.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17704"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13829"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11070"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11217"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13791"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33078"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33071"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27914"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27983"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27903"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27941"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21697"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21692"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23235"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20089"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25046"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17599"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17598"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17449"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12118"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21658"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25201"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27004"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20041"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25194"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17469"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17468"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29801"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25187"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17475"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20034"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29835"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25207"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27010"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19099"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19108"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17121"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17123"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:17704: Red Hat Advanced Cluster Management for Kubernetes 2.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11070: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11217: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33078: Red Hat Container Native Virtualization 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33071: Red Hat Container Native Virtualization 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27914: Red Hat Container Native Virtualization 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27983: Red Hat Container Native Virtualization 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27903: Red Hat Container Native Virtualization 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27941: Red Hat Container Native Virtualization 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21697: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21692: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25009: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23235: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20089: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25046: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17599: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17449: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12118: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25201: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27004: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25194: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17469: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29801: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25187: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17475: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20034: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29835: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25207: Red Hat OpenShift Container Platform 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27010: Red Hat OpenShift Container Platform 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19099: multicluster engine for Kubernetes 2.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19108: multicluster engine for Kubernetes 2.11"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17121: multicluster engine for Kubernetes 2.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17123: multicluster engine for Kubernetes 2.8"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-13T03:52:35.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-13T23:59:59.000Z",
                "value": "Made public."
              }
            ],
            "title": "Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, review and restrict the assignment of Kubernetes cluster roles `pods/portforward (create)`, `pods/exec (create)`, `pods/attach (create)`, and `nodes/proxy (get/create)` to untrusted users or service accounts. Ensure that only authorized and necessary entities possess these permissions. Modifying RBAC policies can impact the functionality of applications and services that rely on these permissions; careful testing is recommended."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "spdystream",
              "vendor": "moby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes \u2014 all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T21:19:23.516Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2"
            },
            {
              "name": "https://github.com/moby/spdystream/releases/tag/v0.5.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/moby/spdystream/releases/tag/v0.5.1"
            }
          ],
          "source": {
            "advisory": "GHSA-pc3f-x583-g7j2",
            "discovery": "UNKNOWN"
          },
          "title": "SpdyStream: DOS on CRI"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-35469",
        "datePublished": "2026-04-16T21:19:23.516Z",
        "dateReserved": "2026-04-02T20:49:44.452Z",
        "dateUpdated": "2026-06-30T12:05:58.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-35469 (GCVE-0-2026-35469)

    Vulnerability from cvelistv5 – Published: 2026-04-16 21:19 – Updated: 2026-06-30 12:05
    Title
    SpdyStream: DOS on CRI
    Summary
    spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes — all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    URL     Tags
    https://github.com/moby/spdystream/security/advis…     x_refsource_CONFIRM
    https://github.com/moby/spdystream/releases/tag/v0.5.1     x_refsource_MISC
    https://access.redhat.com/security/cve/CVE-2026-35469     vdb-entry, x_refsource_REDHAT
    https://bugzilla.redhat.com/show_bug.cgi?id=2457729     issue-tracking, x_refsource_REDHAT
    https://security.access.redhat.com/data/csaf/v2/v…     x_sadp-csaf-vex
    https://access.redhat.com/errata/RHSA-2026:17704     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13829     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11070     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:11217     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:13791     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33078     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:33071     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27914     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27983     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27903     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27941     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21697     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21692     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25009     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:23235     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20089     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25046     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17599     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17598     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17449     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:12118     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:21658     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25201     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20042     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27004     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20041     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25194     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17469     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27063     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17468     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29801     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25187     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17475     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:20034     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:29835     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:25207     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:27010     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19099     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:19108     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17121     vendor-advisory, x_refsource_REDHAT
    https://access.redhat.com/errata/RHSA-2026:17123     vendor-advisory, x_refsource_REDHAT
    Impacted products
    Vendor     Product     Version
    moby     spdystream     Affected: < 0.5.1
    Red Hat     Red Hat Advanced Cluster Management for Kubernetes 2.13     cpe:/a:redhat:acm:2.13::el9
    Red Hat     Red Hat Advanced Cluster Security for Kubernetes 4.10     cpe:/a:redhat:advanced_cluster_security:4.10::el8
    Red Hat     Red Hat Advanced Cluster Security for Kubernetes 4.8     cpe:/a:redhat:advanced_cluster_security:4.8::el8
    Red Hat     Red Hat Advanced Cluster Security for Kubernetes 4.9     cpe:/a:redhat:advanced_cluster_security:4.9::el8
    Red Hat     Red Hat Container Native Virtualization 4.16     cpe:/a:redhat:container_native_virtualization:4.16::el9
    Red Hat     Red Hat Container Native Virtualization 4.17     cpe:/a:redhat:container_native_virtualization:4.17::el9
    Red Hat     Red Hat Container Native Virtualization 4.19     cpe:/a:redhat:container_native_virtualization:4.19::el9
    Red Hat     Red Hat Container Native Virtualization 4.20     cpe:/a:redhat:container_native_virtualization:4.20::el9
    Red Hat     Red Hat Container Native Virtualization 4.21     cpe:/a:redhat:container_native_virtualization:4.21::el9
    Red Hat     Red Hat Container Native Virtualization 4.22     cpe:/a:redhat:container_native_virtualization:4.22::el9
    Red Hat     Red Hat OpenShift Container Platform 4.12     cpe:/a:redhat:openshift:4.12::el9
    Red Hat     Red Hat OpenShift Container Platform 4.13     cpe:/a:redhat:openshift:4.13::el9
    Red Hat     Red Hat OpenShift Container Platform 4.14     cpe:/a:redhat:openshift:4.14::el9
    Red Hat     Red Hat OpenShift Container Platform 4.15     cpe:/a:redhat:openshift:4.15::el9
    Red Hat     Red Hat OpenShift Container Platform 4.16     cpe:/a:redhat:openshift:4.16::el9
    Red Hat     Red Hat OpenShift Container Platform 4.17     cpe:/a:redhat:openshift:4.17::el9
    Red Hat     Red Hat OpenShift Container Platform 4.18     cpe:/a:redhat:openshift:4.18::el9
    Red Hat     Red Hat OpenShift Container Platform 4.19     cpe:/a:redhat:openshift:4.19::el9
    Red Hat     Red Hat OpenShift Container Platform 4.20     cpe:/a:redhat:openshift:4.20::el9
    Red Hat     Red Hat OpenShift Container Platform 4.21     cpe:/a:redhat:openshift:4.21::el9
    Red Hat     Red Hat OpenShift Container Platform 4.22     cpe:/a:redhat:openshift:4.22::el9
    Red Hat     multicluster engine for Kubernetes 2.10     cpe:/a:redhat:multicluster_engine:2.10::el9
    Red Hat     multicluster engine for Kubernetes 2.11     cpe:/a:redhat:multicluster_engine:2.11::el9
    Red Hat     multicluster engine for Kubernetes 2.8     cpe:/a:redhat:multicluster_engine:2.8::el9
    Red Hat     cert-manager Operator for Red Hat OpenShift     cpe:/a:redhat:cert_manager:1
    Red Hat     Dynamic Accelerator Slicer Operator for Red Hat OpenShift     cpe:/a:redhat:dynamic_accelerator_slicer:1
    Red Hat     Multicluster Engine for Kubernetes     cpe:/a:redhat:multicluster_engine
    Red Hat     Red Hat Advanced Cluster Management for Kubernetes 2     cpe:/a:redhat:acm:2
    Red Hat     Red Hat Edge Manager 1     cpe:/a:redhat:edge_manager:1
    Red Hat     Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Red Hat     Red Hat OpenShift for Windows Containers     cpe:/a:redhat:windows_machine_config
    Red Hat     Red Hat OpenShift GitOps     cpe:/a:redhat:openshift_gitops:1
    Red Hat     Red Hat OpenShift Virtualization 4     cpe:/a:redhat:container_native_virtualization:4
    Red Hat     External Secrets Operator for Red Hat OpenShift     cpe:/a:redhat:external_secrets_operator:1
    Red Hat     Logical Volume Manager Storage     cpe:/a:redhat:lvms:4
    Red Hat     Red Hat Advanced Cluster Security 4     cpe:/a:redhat:advanced_cluster_security:4
    Red Hat     Red Hat Openshift Data Foundation 4     cpe:/a:redhat:openshift_data_foundation:4
    Red Hat     Red Hat OpenShift distributed tracing 3     cpe:/a:redhat:openshift_distributed_tracing:3
    Red Hat     Zero Trust Workload Identity Manager     cpe:/a:redhat:zero_trust_workload_identity_manager:1

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-35469",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-04-17T12:37:18.505269Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-04-17T12:37:27.329Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.10::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4.22::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Container Native Virtualization 4.22",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.12::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.12",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.13::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.13",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.14::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.14",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.15::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.15",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.16::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.16",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.17::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.17",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.18::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.18",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.19::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.19",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.20::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.20",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.21::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.21",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4.22::el9"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4.22",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.10::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.10",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.11::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.11",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine:2.8::el9"
                ],
                "defaultStatus": "affected",
                "product": "multicluster engine for Kubernetes 2.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:cert_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "cert-manager Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:dynamic_accelerator_slicer:1"
                ],
                "defaultStatus": "affected",
                "product": "Dynamic Accelerator Slicer Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:multicluster_engine"
                ],
                "defaultStatus": "affected",
                "product": "Multicluster Engine for Kubernetes",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:acm:2"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Management for Kubernetes 2",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:edge_manager:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Edge Manager 1",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:windows_machine_config"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift for Windows Containers",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_gitops:1"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift GitOps",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:container_native_virtualization:4"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat OpenShift Virtualization 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:external_secrets_operator:1"
                ],
                "defaultStatus": "unaffected",
                "product": "External Secrets Operator for Red Hat OpenShift",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:lvms:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Logical Volume Manager Storage",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_data_foundation:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Openshift Data Foundation 4",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:openshift_distributed_tracing:3"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat OpenShift distributed tracing 3",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:zero_trust_workload_identity_manager:1"
                ],
                "defaultStatus": "unaffected",
                "product": "Zero Trust Workload Identity Manager",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-04-13T23:59:59.000Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Service (DoS) by causing the affected components to become unresponsive."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:05:58.784Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-35469"
              },
              {
                "name": "RHBZ#2457729",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457729"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-35469.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17704"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13829"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11070"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:11217"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:13791"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33078"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:33071"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27914"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27983"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27903"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27941"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21697"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21692"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25009"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:23235"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20089"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25046"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17599"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17598"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17449"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:12118"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:21658"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25201"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20042"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27004"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20041"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25194"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17469"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27063"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17468"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29801"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25187"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17475"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:20034"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:29835"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:25207"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:27010"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19099"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:19108"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17121"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:17123"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:17704: Red Hat Advanced Cluster Management for Kubernetes 2.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11070: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:11217: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33078: Red Hat Container Native Virtualization 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:33071: Red Hat Container Native Virtualization 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27914: Red Hat Container Native Virtualization 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27983: Red Hat Container Native Virtualization 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27903: Red Hat Container Native Virtualization 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27941: Red Hat Container Native Virtualization 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21697: Red Hat OpenShift Container Platform 4.12"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21692: Red Hat OpenShift Container Platform 4.13"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25009: Red Hat OpenShift Container Platform 4.14"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:23235: Red Hat OpenShift Container Platform 4.15"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20089: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25046: Red Hat OpenShift Container Platform 4.16"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17599: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17598: Red Hat OpenShift Container Platform 4.17"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17449: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:12118: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:21658: Red Hat OpenShift Container Platform 4.18"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25201: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20042: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27004: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20041: Red Hat OpenShift Container Platform 4.19"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25194: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17469: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27063: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17468: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29801: Red Hat OpenShift Container Platform 4.20"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25187: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17475: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:20034: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:29835: Red Hat OpenShift Container Platform 4.21"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:25207: Red Hat OpenShift Container Platform 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:27010: Red Hat OpenShift Container Platform 4.22"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19099: multicluster engine for Kubernetes 2.10"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:19108: multicluster engine for Kubernetes 2.11"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17121: multicluster engine for Kubernetes 2.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:17123: multicluster engine for Kubernetes 2.8"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-04-13T03:52:35.000Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-04-13T23:59:59.000Z",
                "value": "Made public."
              }
            ],
            "title": "Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this issue, review and restrict the assignment of Kubernetes cluster roles `pods/portforward (create)`, `pods/exec (create)`, `pods/attach (create)`, and `nodes/proxy (get/create)` to untrusted users or service accounts. Ensure that only authorized and necessary entities possess these permissions. Modifying RBAC policies can impact the functionality of applications and services that rely on these permissions; careful testing is recommended."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "spdystream",
              "vendor": "moby",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 0.5.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocating memory. Three allocation paths are affected: the SETTINGS frame entry count, the header count in parseHeaderValueBlock, and individual header field sizes \u2014 all read as 32-bit integers and used directly as allocation sizes with no bounds checking. Because SPDY header blocks are zlib-compressed, a small on-the-wire payload can decompress into large attacker-controlled values. A remote peer that can send SPDY frames to a service using spdystream can exhaust process memory and cause an out-of-memory crash with a single crafted control frame. This issue has been fixed in version 0.5.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-16T21:19:23.516Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/moby/spdystream/security/advisories/GHSA-pc3f-x583-g7j2"
            },
            {
              "name": "https://github.com/moby/spdystream/releases/tag/v0.5.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/moby/spdystream/releases/tag/v0.5.1"
            }
          ],
          "source": {
            "advisory": "GHSA-pc3f-x583-g7j2",
            "discovery": "UNKNOWN"
          },
          "title": "SpdyStream: DOS on CRI"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-35469",
        "datePublished": "2026-04-16T21:19:23.516Z",
        "dateReserved": "2026-04-02T20:49:44.452Z",
        "dateUpdated": "2026-06-30T12:05:58.784Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }