CVE-2026-31837 (GCVE-0-2026-31837)
Vulnerability from cvelistv5 – Published: 2026-03-10 21:57 – Updated: 2026-03-11 15:58
CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31837",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T15:53:25.811841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:58:29.647Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "istio",
"vendor": "istio",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.29.0-alpha.0, \u003c 1.29.1"
},
{
"status": "affected",
"version": "\u003e= 1.28.0-alpha.0, \u003c 1.28.5"
},
{
"status": "affected",
"version": "\u003c 1.27.8"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T21:57:44.387Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c"
}
],
"source": {
"advisory": "GHSA-v75c-crr9-733c",
"discovery": "UNKNOWN"
},
"title": "Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails."
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31837",
"datePublished": "2026-03-10T21:57:44.387Z",
"dateReserved": "2026-03-09T17:41:56.078Z",
"dateUpdated": "2026-03-11T15:58:29.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31837\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-10T22:16:21.720\",\"lastModified\":\"2026-03-18T18:59:40.970\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8.\"},{\"lang\":\"es\",\"value\":\"Istio es una plataforma abierta para conectar, gestionar y proteger microservicios. Antes de 1.29.1, 1.28.5 y 1.27.8, un usuario de Istio se ve afectado si el resolvedor JWKS deja de estar disponible o la obtenci\u00f3n falla, exponiendo valores predeterminados codificados independientemente del uso del recurso RequestAuthentication. Esta vulnerabilidad est\u00e1 corregida en 1.29.1, 1.28.5 y 
1.27.8.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"U
NCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.27.8\",\"matchCriteriaId\":\"DE1D1FE4-AFED-401D-9806-64A2BCD3E4B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.28.0\",\"versionEndExcluding\":\"1.28.5\",\"matchCriteriaId\":\"B739C51C-21B8-4697-90E0-89D74035D191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.29.0\",\"versionEndExcluding\":\"1.29.1\",\"matchCriteriaId\":\"4E81CE4C-D040-4F85-AAFE-4CEA4906E14A\"}]}]}],\"references\":[{\"url\":\"https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Istio JWKS resolver to prevent private key material from being exposed when JWKS fetch fails.\", \"source\": {\"advisory\": \"GHSA-v75c-crr9-733c\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"istio\", \"product\": \"istio\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.29.0-alpha.0, \u003c 1.29.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 1.28.0-alpha.0, \u003c 1.28.5\"}, {\"status\": \"affected\", \"version\": \"\u003c 1.27.8\"}]}], \"references\": [{\"url\": \"https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c\", \"name\": \"https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. 
This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200: Exposure of Sensitive Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-10T21:57:44.387Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-31837\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-11T15:53:25.811841Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-03-11T15:53:26.857Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-31837\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T21:57:44.387Z\", \"dateReserved\": \"2026-03-09T17:41:56.078Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-10T21:57:44.387Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:5948
Vulnerability from csaf_redhat - Published: 2026-03-26 14:31 - Updated: 2026-04-03 08:05
CVE-2025-61726: A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
CVE-2025-61728: A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
CVE-2025-61731: A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
CVE-2025-61732: A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
CVE-2025-68121: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
CVE-2026-31837: A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.0.9\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.0.9, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-cni-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-pilot-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-proxyv2-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-rhel9-operator: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-cni-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-pilot-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-proxyv2-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-rhel9-operator: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-cni-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-pilot-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-proxyv2-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-rhel9-operator: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-cni-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-pilot-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-proxyv2-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-rhel9-operator: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-cni-rhel9: Memory exhaustion in 
query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-proxyv2-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)\n\n* istio-proxyv2-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5948",
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31837",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61728",
"url": "https://access.redhat.com/security/cve/cve-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61731",
"url": "https://access.redhat.com/security/cve/cve-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61732",
"url": "https://access.redhat.com/security/cve/cve-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-31837",
"url": "https://access.redhat.com/security/cve/cve-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5948.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.9",
"tracking": {
"current_release_date": "2026-04-03T08:05:53+00:00",
"generator": {
"date": "2026-04-03T08:05:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5948",
"initial_release_date": "2026-03-26T14:31:40+00:00",
"revision_history": [
{
"date": "2026-03-26T14:31:40+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T14:31:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-03T08:05:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3",
"product": {
"name": "Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774302863"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Adcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774214116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774018912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Af9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774006090"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774068855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aefdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1774019474"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774214116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774018912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774006090"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aefc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774068855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ab1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1774019474"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774214116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Acf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774018912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Afe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774006090"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774068855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ada9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1774019474"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774214116"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774018912"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ae67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294372"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774006090"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774068855"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Aaaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-dev-preview-beta\u0026tag=1774019474"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64 as a component of Red Hat OpenShift Service Mesh 3",
"product_id": "Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. For this reason, this vulnerability has been rated as having important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to have a malicious zip archive processed by an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. For these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can break builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-31837",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"discovery_date": "2026-03-10T23:02:58.238399+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "RHBZ#2446344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c",
"url": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c"
}
],
"release_date": "2026-03-10T21:57:44.387000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:31:40+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.0.9 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.0",
"product_ids": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:aaffe72a3ceaa3ee1984579e52c8c9a15a1e45b55d53c8c00e2be62cbcd21b62_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:b1f48cab9351f5a744c0a2839a3e4cffef152836bf3072511c858dafbed968bd_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:da9731b2c26cb10466f835467e0c25fa2483ca260e2f31e92c2783cf73fce074_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9@sha256:efdcf5819964e4edf19ec04f7b496d84bb705b4b0d2a9c7f8220ea2937d09d36_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:35b0638bd3e1f638b2493f92eca8125f6e74038bf43565c8c97dea61f016393d_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:396e3ba2ed81cb48d2d0ea4ec0373edd6f80fece16034e4dfe223ef7dd198fcd_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:7a720e7d0cffeb4ceb132f928774c85d43a9adb01eddfd5dbaa9d747115b4357_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:dcd2685d0f51bd9654e77891351273f5f9f93161efd413925c3d0b96b3bdbf0f_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:041058c4ed2cc602c6a0fc41205de07791679bdf0511650fabb1a6251d5aff13_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8a23e3f64b7d99ff915b4dcbdc9e6efa3364435032b458cba0ee85951df428da_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:cf5bb9941b6c806906e594b1cac7c73b94b91674956913b5f4c6f27be9d8faac_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ef560e57543bec7d17f46e7baede5f906a5feb1d59feabca310feada79180b85_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:62a7fccbf538f3512a128df0affa07ea332892512ca65c81546115af1d7ec124_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:84c065882a22024d24031bb1ae81e57a2596e51e84a94cc0132950448d465b50_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:9dda1ca14a4d44819498e5e00470bedf540ba7cd5a6be015e47bbf1fe5aa8ca3_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8238270e2aab1a016cd4e66de470f499e9f33e95a2547dd72722814e8b71063e_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:8e17971e0f5d14b920841b11b2d084a1275bb942566edde1ac4789452ee92bd2_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:efc87388d29385d36a26a19da1adb52bd9ef8dea42503b409d1f3d25769c3e76_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:9d1c49aac324418a6c9422990e7e83aaffbd2bdf73cd37ab692ae19a6e675a18_arm64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e67e1607b7d2a354399aa5c32ad7e776650f95e978591f3e6fd80b335a0dd3e9_s390x",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:f9399b41994032dbf514eb7ab8576614e7139a35af239efc1f05de497b9755d1_amd64",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:fe35fc6ea8320c1d0e8ee0712788879daee23d4cea6b970237375e264344ddd0_ppc64le",
"Red Hat OpenShift Service Mesh 3:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:6067e8bd752fec6a4c9791b5416feebd3755e812677393c1c2ad4746f5aced5e_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability"
}
]
}
RHSA-2026:5950
Vulnerability from csaf_redhat - Published: 2026-03-26 14:51 - Updated: 2026-04-03 08:05
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.1.6\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.1.6, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n \nFixes/Improvements:\n\n* Multiple InferencePools on same Gateway - ext_proc lost for all but first (OSSM-12585)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-cni-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-pilot-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-proxyv2-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-rhel9-operator: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-cni-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-pilot-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-proxyv2-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-rhel9-operator: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-cni-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-pilot-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-proxyv2-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-rhel9-operator: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-cni-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-pilot-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-proxyv2-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-rhel9-operator: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-cni-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-proxyv2-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)\n\n* istio-proxyv2-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5950",
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31837",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61728",
"url": "https://access.redhat.com/security/cve/cve-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61731",
"url": "https://access.redhat.com/security/cve/cve-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61732",
"url": "https://access.redhat.com/security/cve/cve-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-31837",
"url": "https://access.redhat.com/security/cve/cve-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5950.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6",
"tracking": {
"current_release_date": "2026-04-03T08:05:53+00:00",
"generator": {
"date": "2026-04-03T08:05:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5950",
"initial_release_date": "2026-03-26T14:51:43+00:00",
"revision_history": [
{
"date": "2026-03-26T14:51:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T14:51:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-03T08:05:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.1",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774299519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037349"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037182"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Aa75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774293851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ad839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774244136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Af24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1774215103"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037349"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037182"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774293851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Af19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ac77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774244136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1774215103"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037349"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037182"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774293851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ad68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774244136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ae3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1774215103"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3Ae997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037349"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3Aced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037182"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774293851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774037369"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Ac8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774244136"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh-tech-preview\u0026tag=1774215103"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64 as a component of Red Hat OpenShift Service Mesh 3.1",
"product_id": "Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. For this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to get a malicious zip archive processed by an application that uses the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. For these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-31837",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"discovery_date": "2026-03-10T23:02:58.238399+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "RHBZ#2446344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c",
"url": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c"
}
],
"release_date": "2026-03-10T21:57:44.387000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T14:51:43+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.1.6 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.1",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:6f8534205103cd6b3b224eeb2bffa006f77b4bdd734ab26964596ed6e853a3df_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:7328a8127aa5ae599de8e21e54c45fd9080a2d42b136d400012d8a2c4b927bc8_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:e3239d0fa9f55834925b4cfe9d4f5a83380f7c85e9ee3441c9b3859e94dac69e_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh-tech-preview/istio-ztunnel-rhel9@sha256:f24f6e672693c3ee080caa418bc1dc1924921898e07e1aeb06923dd0c195cf30_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:16c4a873fc43fe6e9bd64eb7bca434fdfeab97f4cf722dbacaa97578ffffe79d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:724bfb04ef262947c8eb357a79743426215d9e48dd5bf5d70c04d0b0748cd6c7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:803c2b65f22ae7c2e01f0552a69847dda7c993f7abf15954fb043fcf3ddae542_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:e997516338202cdbd61076accd9284b07d41a4e5f110acb646dce4d1ecef232d_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1e97793ad79dec9791d67d3ad90ba8b03447daf717c557bbf44baa453a4e1150_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:51ec4d1cb23f20d91565457484ebd0ce27e989a67c4856c44c8621c50ce6f378_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:8b9594ddbc8f71aa6d1673c4bc9f770efd8eeb4087314fc7f3359225a2d33e1f_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:ced8fd70a941190d72af02804cd1e3aa55131dd831eb353a46dfe02497474660_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:7663292b3c063093f7a474443a38b1fa1efcfa4c29d7b65b1de1545ca13f9c60_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:d68017a135a9b3006b792a040e4f397846fa20e383a2fd72241de963553d8d16_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:f19d8eea123addd242941d65c7b9d7f4cf0c8a2009c681ad07a87fb365193a7e_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c77d2cd125a4704a19ff51ffdc930365635af1c9784b89748c160401723d0048_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:c8b8f53635b99c58a23f31580cf840a12e8f9866b556ca59f382f1623dca11b3_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:d839d9bbb4faa2b0e7d91a66d85d5d43f8af6cb8681c8bab58fd8e2af1a6ebf7_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:276e03a224db43d8f6669971cac5db6ce99b6a2d7a79e99a599beb57fb04da7d_arm64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:4f5d21e9e0ba777be732fa45bb18e006170edc74f6b796e67c3eabe59b932913_s390x",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:63d70dfd91c9cf1deb97db1bf7678f6c04909f182ba4b9de2b54bbb2d5ea3dd8_ppc64le",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:a75a0ac8954c9654263226507088a7969b7f554ba5852bcfcf8a5d64a0d29c92_amd64",
"Red Hat OpenShift Service Mesh 3.1:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:94bd9b7d5013e610f49e7c5376e5c63579a525f2e45e3498908a88b9773c4fcb_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability"
}
]
}
RHSA-2026:5952
Vulnerability from csaf_redhat - Published: 2026-03-26 15:03 - Updated: 2026-04-03 08:05
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Service Mesh 3.2.3\n\nThis update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Service Mesh 3.2.3, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application.\n\nFixes/Improvements:\n\n* Updated to Istio version 1.27.8\n\n* Multiple InferencePools on same Gateway - ext_proc lost for all but first (OSSM-12585)\n\nSecurity Fix(es):\n\n* istio-rhel9-operator: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-cni-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-pilot-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-proxyv2-rhel9: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n\n* istio-rhel9-operator: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-cni-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-pilot-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-proxyv2-rhel9: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732)\n\n* istio-rhel9-operator: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-cni-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-pilot-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-proxyv2-rhel9: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)\n\n* istio-rhel9-operator: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-cni-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-pilot-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* istio-proxyv2-rhel9: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)\n\n* 
istio-rhel9-operator: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-cni-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-proxyv2-rhel9: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n\n* istio-pilot-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)\n\n* istio-proxyv2-rhel9: JWKS Resolver Failure May Expose Hardcoded Default Keys (CVE-2026-31837)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5952",
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31837",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61726",
"url": "https://access.redhat.com/security/cve/cve-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61728",
"url": "https://access.redhat.com/security/cve/cve-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61731",
"url": "https://access.redhat.com/security/cve/cve-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-61732",
"url": "https://access.redhat.com/security/cve/cve-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-68121",
"url": "https://access.redhat.com/security/cve/cve-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2026-31837",
"url": "https://access.redhat.com/security/cve/cve-2026-31837"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification",
"url": "https://access.redhat.com/security/updates/classification"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5952.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.2.3",
"tracking": {
"current_release_date": "2026-04-03T08:05:53+00:00",
"generator": {
"date": "2026-04-03T08:05:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5952",
"initial_release_date": "2026-03-26T15:03:15+00:00",
"revision_history": [
{
"date": "2026-03-26T15:03:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-26T15:03:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-03T08:05:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Service Mesh 3.2",
"product": {
"name": "Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:service_mesh:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Service Mesh"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-sail-operator-bundle@sha256%3A915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774299791"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774024187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Adae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206464"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774114903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3Ac99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774207172"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774024187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3A037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206464"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774114903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774207172"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774024187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3Ae1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Ab8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206464"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3Aa65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774114903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774207172"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-cni-rhel9@sha256%3A1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206585"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-must-gather-rhel9@sha256%3A1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774024187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-rhel9-operator@sha256%3A6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774294809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-pilot-rhel9@sha256%3Aeba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774206464"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-proxyv2-rhel9@sha256%3A9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774114903"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"product": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"product_id": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/istio-ztunnel-rhel9@sha256%3A39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh\u0026tag=1774207172"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64 as a component of Red Hat OpenShift Service Mesh 3.2",
"product_id": "Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
},
"product_reference": "registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64",
"relates_to_product_reference": "Red Hat OpenShift Service Mesh 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by crafting a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. When that file is built, the attacker can write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can break builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `cgo` tool. Go and C/C++ parse comments differently, and this discrepancy allows malicious code to be hidden within comments and then \"smuggled\" into the resulting binary built with `cgo`. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-31837",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"discovery_date": "2026-03-10T23:02:58.238399+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446344"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Istio. A user of Istio could be impacted if the JSON Web Key Set (JWKS) resolver becomes unavailable or fails to fetch keys. This vulnerability can lead to the exposure of hardcoded default settings, potentially bypassing authentication mechanisms and allowing unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le"
],
"known_not_affected": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31837"
},
{
"category": "external",
"summary": "RHBZ#2446344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31837"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837"
},
{
"category": "external",
"summary": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c",
"url": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c"
}
],
"release_date": "2026-03-10T21:57:44.387000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-26T15:03:15+00:00",
"details": "See Red Hat OpenShift Service Mesh 3.2.3 documentation at https://docs.redhat.com/en/documentation/red_hat_openshift_service_mesh/3.2",
"product_ids": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ad57736249ed843127edf74f765e810ee91f3e9196c0402ecf6199c0b0eeaab_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:1ece317e94a6b73c5654b836ada2b6ea181c92530b2c8c406c4766499057e8c9_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:4a5e31af5fa9740c6567ce5e6510842a989df5a25435521bdeb87a6962bfb3d3_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-cni-rhel9@sha256:90e9ef5b9db44a7f18bcdfaba6851c89138577636cb765de938bdf0e68d296be_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:06e423f764c1714392925c3c3d63b524b9751b7c876e09df11f71c2b860185c1_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:157774fbb36e6924c1b8dbdbace1d97f33070bc4af7e29e999ea182f6fcc87c0_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:1dcb1fad2fa5db4c4c36ad42166b47c86015169bd570cdb6af9fe18717bd93b2_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel9@sha256:226cdb05c3583a75732796acb0fa9afe0771267e9575c0585b0c222141736e0a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:5728f8611c4d586ab1ab080ee3c8038140b2e4ff6f3037263c92b39e7053b30e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:b8141f34bc91435d174203b914db8b452c7295d76268b4cd8a18d3cc371eff07_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-pilot-rhel9@sha256:eba1f0afeb06ac3eba3c1e35a2045e25e60a37b1a542ef393f7d8d6382030af8_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:783c436fc96986ab1e5c5869139e3a2d31fe1e1796083c28a743c1900378572e_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:9b8c6dc0678602cfb16a347ec26813758267a924f0a4a7189f30b6dd9c2ead91_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-proxyv2-rhel9@sha256:a65212d6c07f11e855e60c2027076351947fa2d9a4a725dab519afa796615d3a_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:2224fc1667fbac0728e14e7c99c75a28e2e44e76a3e922c26216d5341283b1d3_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:6adba5976577e2ae99aad55a8de7a7603e0b9546423af16020d4c34ac125c83f_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:dae6eb72e8a8aa989ec2919e763c79273dbd48fc10c10917095276ec0db54e09_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-rhel9-operator@sha256:e1de1bc5f4472757cd9dd1e87de88fc54cdde8bbb9a4fd2245388dc3076efada_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-sail-operator-bundle@sha256:915c426f6d9e02f951d13df06a3e2398a9cc0cdaae6f4deb71aaaf280ad55421_amd64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:39eeec9d30a317cc703a13389d76e15f641c7d67bec0528fd99a5c8c015c23f9_s390x",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:654d5bcebc86748c735639eb978bcae7cd4e0152eaded93885d04677c8164f1a_arm64",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:888c599cb37535870bf8256831eb81c9a27ec6da5dbd433f4363ff3109195957_ppc64le",
"Red Hat OpenShift Service Mesh 3.2:registry.redhat.io/openshift-service-mesh/istio-ztunnel-rhel9@sha256:c99eadf319dd88c8a7e6e2201dd749f1f631a60d1bc0cc683cf83fb14f01317b_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability"
}
]
}
cleanstart-2026-as59691
Vulnerability from cleanstart
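Multiple security vulnerabilities affect the istio package. These issues are resolved in later releases. See references for individual vulnerability details. The fixed version recorded in this advisory, 1.28.3-r0, is lower than 1.28.5, which the CVE-2026-31837 description gives as the fixed 1.28.x release, so the CleanStart package presumably carries a backported patch; confirm this against the CleanStart advisory before treating 1.28.3-r0 as remediated for that CVE.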
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "istio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.28.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the istio package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-AS59691",
"modified": "2026-03-23T07:49:41Z",
"published": "2026-04-01T09:29:30.943219Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-AS59691.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-31837"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-31838"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9h8m-3fm2-qjrq"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31837"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31838"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-31837, CVE-2026-31838, ghsa-9h8m-3fm2-qjrq applied in versions: 1.28.3-r0",
"upstream": [
"CVE-2026-24051",
"CVE-2026-25679",
"CVE-2026-27139",
"CVE-2026-27142",
"CVE-2026-31837",
"CVE-2026-31838",
"ghsa-9h8m-3fm2-qjrq"
]
}
FKIE_CVE-2026-31837
Vulnerability from fkie_nvd - Published: 2026-03-10 22:16 - Updated: 2026-03-18 18:59
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE1D1FE4-AFED-401D-9806-64A2BCD3E4B4",
"versionEndExcluding": "1.27.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B739C51C-21B8-4697-90E0-89D74035D191",
"versionEndExcluding": "1.28.5",
"versionStartIncluding": "1.28.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:istio:istio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E81CE4C-D040-4F85-AAFE-4CEA4906E14A",
"versionEndExcluding": "1.29.1",
"versionStartIncluding": "1.29.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a user of Istio is impacted if the JWKS resolver becomes unavailable or the fetch fails, exposing hardcoded defaults regardless of use of the RequestAuthentication resource. This vulnerability is fixed in 1.29.1, 1.28.5, and 1.27.8."
},
{
"lang": "es",
"value": "Istio es una plataforma abierta para conectar, gestionar y proteger microservicios. Antes de 1.29.1, 1.28.5 y 1.27.8, un usuario de Istio se ve afectado si el resolvedor JWKS deja de estar disponible o la obtenci\u00f3n falla, exponiendo valores predeterminados codificados independientemente del uso del recurso RequestAuthentication. Esta vulnerabilidad est\u00e1 corregida en 1.29.1, 1.28.5 y 1.27.8."
}
],
"id": "CVE-2026-31837",
"lastModified": "2026-03-18T18:59:40.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-03-10T22:16:21.720",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/istio/istio/security/advisories/GHSA-v75c-crr9-733c"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
WID-SEC-W-2026-0704
Vulnerability from csaf_certbund - Published: 2026-03-11 23:00 - Updated: 2026-03-26 23:00
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Google Cloud Platform (GCP) ist eine Sammlung von Cloud-Computing-Diensten von Google, die Infrastruktur, Datenanalyse, maschinelles Lernen und Entwicklungstools bietet. Unternehmen k\u00f6nnen dadurch Anwendungen in der Cloud aufbauen und skalierbar bereitstellen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Google Cloud Platform ausnutzen, um Sicherheitsvorkehrungen zu umgehen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0704 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0704.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0704 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0704"
},
{
"category": "external",
"summary": "Google Cloud Sicherheitsbulletin vom 2026-03-11",
"url": "https://docs.cloud.google.com/support/bulletins#gcp-2026-013"
},
{
"category": "external",
"summary": "Google Cloud Sicherheitsbulletin vom 2026-03-11",
"url": "https://docs.cloud.google.com/service-mesh/docs/security-bulletins#gcp-2026-013"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5952 vom 2026-03-26",
"url": "https://access.redhat.com/errata/RHSA-2026:5952"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5950 vom 2026-03-26",
"url": "https://access.redhat.com/errata/RHSA-2026:5950"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:5948 vom 2026-03-26",
"url": "https://access.redhat.com/errata/RHSA-2026:5948"
}
],
"source_lang": "en-US",
"title": "Google Cloud Platform Envoy Proxy, Istio und Service Mesh: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-26T23:00:00.000+00:00",
"generator": {
"date": "2026-03-27T09:01:18.703+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0704",
"initial_release_date": "2026-03-11T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-11T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-26T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "Envoy Proxy",
"product": {
"name": "Google Cloud Platform Envoy Proxy",
"product_id": "T051659",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:envoy_proxy"
}
}
},
{
"category": "product_version",
"name": "Istio",
"product": {
"name": "Google Cloud Platform Istio",
"product_id": "T051660",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:istio"
}
}
},
{
"category": "product_version_range",
"name": "Service Mesh \u003c1.28.5-asm.9",
"product": {
"name": "Google Cloud Platform Service Mesh \u003c1.28.5-asm.9",
"product_id": "T051662"
}
},
{
"category": "product_version",
"name": "Service Mesh 1.28.5-asm.9",
"product": {
"name": "Google Cloud Platform Service Mesh 1.28.5-asm.9",
"product_id": "T051662-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:service_mesh__1.28.5-asm.9"
}
}
},
{
"category": "product_version_range",
"name": "Service Mesh \u003c1.27.8-asm.7",
"product": {
"name": "Google Cloud Platform Service Mesh \u003c1.27.8-asm.7",
"product_id": "T051663"
}
},
{
"category": "product_version",
"name": "Service Mesh 1.27.8-asm.7",
"product": {
"name": "Google Cloud Platform Service Mesh 1.27.8-asm.7",
"product_id": "T051663-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:service_mesh__1.27.8-asm.7"
}
}
},
{
"category": "product_version_range",
"name": "Service Mesh \u003c1.26.8-asm.3",
"product": {
"name": "Google Cloud Platform Service Mesh \u003c1.26.8-asm.3",
"product_id": "T051664"
}
},
{
"category": "product_version",
"name": "Service Mesh 1.26.8-asm.3",
"product": {
"name": "Google Cloud Platform Service Mesh 1.26.8-asm.3",
"product_id": "T051664-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:cloud_platform:service_mesh__1.26.8-asm.3"
}
}
}
],
"category": "product_name",
"name": "Cloud Platform"
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-26308",
"product_status": {
"known_affected": [
"T051659",
"67646",
"T051664",
"T051662",
"T051663",
"T051660"
]
},
"release_date": "2026-03-11T23:00:00.000+00:00",
"title": "CVE-2026-26308"
},
{
"cve": "CVE-2026-26309",
"product_status": {
"known_affected": [
"T051659",
"67646",
"T051664",
"T051662",
"T051663",
"T051660"
]
},
"release_date": "2026-03-11T23:00:00.000+00:00",
"title": "CVE-2026-26309"
},
{
"cve": "CVE-2026-26310",
"product_status": {
"known_affected": [
"T051659",
"67646",
"T051664",
"T051662",
"T051663",
"T051660"
]
},
"release_date": "2026-03-11T23:00:00.000+00:00",
"title": "CVE-2026-26310"
},
{
"cve": "CVE-2026-26311",
"product_status": {
"known_affected": [
"T051659",
"67646",
"T051664",
"T051662",
"T051663",
"T051660"
]
},
"release_date": "2026-03-11T23:00:00.000+00:00",
"title": "CVE-2026-26311"
},
{
"cve": "CVE-2026-26330",
"product_status": {
"known_affected": [
"T051659",
"67646",
"T051664",
"T051662",
"T051663",
"T051660"
]
},
"release_date": "2026-03-11T23:00:00.000+00:00",
"title": "CVE-2026-26330"
},
{
"cve": "CVE-2026-31837",
"product_status": {
"known_affected": [
"T051659",
"67646",
"T051664",
"T051662",
"T051663",
"T051660"
]
},
"release_date": "2026-03-11T23:00:00.000+00:00",
"title": "CVE-2026-31837"
},
{
"cve": "CVE-2026-31838",
"product_status": {
"known_affected": [
"T051659",
"67646",
"T051664",
"T051662",
"T051663",
"T051660"
]
},
"release_date": "2026-03-11T23:00:00.000+00:00",
"title": "CVE-2026-31838"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.