Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32280 (GCVE-0-2026-32280)
Vulnerability from cvelistv5 – Published: 2026-04-08 01:06 – Updated: 2026-07-10 12:05- CWE-770 - Allocation of Resources Without Limits or Throttling
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | crypto/x509 |
Affected:
0 , < 1.25.9
(semver)
Affected: 1.26.0-0 , < 1.26.2 (semver) |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 10 |
cpe:/a:redhat:ansible_automation_platform:2.6::el10 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10 |
|
| Red Hat | Red Hat Enterprise Linux Server (v. 7 ELS) |
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 8 |
cpe:/a:redhat:ansible_automation_platform:2.5::el8 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.14 |
cpe:/a:redhat:openshift:4.14::el8 cpe:/a:redhat:openshift:4.14::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.15 |
cpe:/a:redhat:openshift:4.15::el8 cpe:/a:redhat:openshift:4.15::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.17 |
cpe:/a:redhat:openshift:4.17::el8 cpe:/a:redhat:openshift:4.17::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.18 |
cpe:/a:redhat:openshift:4.18::el8 cpe:/a:redhat:openshift:4.18::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 8 |
cpe:/a:redhat:satellite:6.16::el8 cpe:/a:redhat:satellite_capsule:6.16::el8 cpe:/a:redhat:satellite_maintenance:6.16::el8 cpe:/a:redhat:satellite_utils:6.16::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.5 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.5::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 for RHEL 9 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9 cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9 |
|
| Red Hat | Cryostat 4 on RHEL 9 |
cpe:/a:redhat:cryostat:4::el9 |
|
| Red Hat | RHEM 1.0 for RHEL 9 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 cpe:/a:redhat:openstack:17.1::el9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4.19 |
cpe:/a:redhat:openshift:4.19::el8 cpe:/a:redhat:openshift:4.19::el9 |
|
| Red Hat | Red Hat Satellite 6.16 for RHEL 9 |
cpe:/a:redhat:satellite:6.16::el9 cpe:/a:redhat:satellite_capsule:6.16::el9 cpe:/a:redhat:satellite_maintenance:6.16::el9 cpe:/a:redhat:satellite_utils:6.16::el9 |
|
| Red Hat | Red Hat Satellite 6.19 for RHEL 9 |
cpe:/a:redhat:satellite:6.19::el9 cpe:/a:redhat:satellite_capsule:6.19::el9 cpe:/a:redhat:satellite_maintenance:6.19::el9 cpe:/a:redhat:satellite_utils:6.19::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.1 cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream AUS (v.8.6) |
cpe:/a:redhat:rhel_aus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.8.6) |
cpe:/a:redhat:rhel_e4s:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream TUS (v.8.6) |
cpe:/a:redhat:rhel_tus:8.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.4) |
cpe:/a:redhat:rhel_e4s:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) |
cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) |
cpe:/o:redhat:enterprise_linux_eus:10.0 |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.6) |
cpe:/a:redhat:rhel_eus:9.6::crb |
|
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) |
cpe:/a:redhat:enterprise_linux:9::crb |
|
| Red Hat | Custom Metric Autoscaler 2.19 |
cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9 |
|
| Red Hat | HawtIO HawtIO 4.4.0 |
cpe:/a:redhat:apache_camel_hawtio:4.4::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.0 |
cpe:/a:redhat:logging:6.0::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.4 |
cpe:/a:redhat:logging:6.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.4.5 |
cpe:/a:redhat:multicluster_globalhub:1.4::el9 |
|
| Red Hat | Multicluster Global Hub 1.5.4 |
cpe:/a:redhat:multicluster_globalhub:1.5::el9 |
|
| Red Hat | Multicluster Global Hub 1.6.2 |
cpe:/a:redhat:multicluster_globalhub:1.6::el9 |
|
| Red Hat | Network Observability (NETOBSERV) 1.11.2 |
cpe:/a:redhat:network_observ_optr:1.11::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.4 |
cpe:/a:redhat:openshift_api_data_protection:1.4::el9 |
|
| Red Hat | OpenShift API for Data Protection 1.5 |
cpe:/a:redhat:openshift_api_data_protection:1.5::el9 |
|
| Red Hat | OpenShift Compliance Operator 1 |
cpe:/a:redhat:openshift_compliance_operator:1::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.14 |
cpe:/a:redhat:acm:2.14::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.10 |
cpe:/a:redhat:advanced_cluster_security:4.10::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.9 |
cpe:/a:redhat:advanced_cluster_security:4.9::el8 |
|
| Red Hat | Red Hat Ansible Automation Platform 2.6 |
cpe:/a:redhat:ansible_automation_platform:2.6::el9 |
|
| Red Hat | Red Hat Developer Hub 1.8 |
cpe:/a:redhat:rhdh:1.8::el9 |
|
| Red Hat | Red Hat Developer Hub 1.9 |
cpe:/a:redhat:rhdh:1.9::el9 |
|
| Red Hat | Red Hat Edge Manager 1.0 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat Lightspeed (formerly Insights) for Runtimes 1 |
cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9 |
|
| Red Hat | Red Hat OpenShift AI 2.25 |
cpe:/a:redhat:openshift_ai:2.25::el9 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.4 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.28 |
cpe:/a:redhat:openshift_devspaces:3.28::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 2.6 |
cpe:/a:redhat:service_mesh:2.6::el8 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.1 |
cpe:/a:redhat:service_mesh:3.1::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.2 |
cpe:/a:redhat:service_mesh:3.2::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.3 |
cpe:/a:redhat:service_mesh:3.3::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3.0::el9 |
|
| Red Hat | Red Hat OpenShift distributed tracing 3.9.3 |
cpe:/a:redhat:openshift_distributed_tracing:3.9::el9 |
|
| Red Hat | Red Hat OpenStack 1.5 |
cpe:/a:redhat:stf:1.5::el9 |
|
| Red Hat | Red Hat Quay 3.10 |
cpe:/a:redhat:quay:3.10::el8 |
|
| Red Hat | Red Hat Quay 3.14 |
cpe:/a:redhat:quay:3.14::el8 |
|
| Red Hat | Red Hat Quay 3.15 |
cpe:/a:redhat:quay:3.15::el8 |
|
| Red Hat | Red Hat Quay 3.16 |
cpe:/a:redhat:quay:3.16::el9 |
|
| Red Hat | Red Hat Quay 3.17 |
cpe:/a:redhat:quay:3.17::el9 |
|
| Red Hat | Red Hat Quay 3.9 |
cpe:/a:redhat:quay:3.9::el8 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.3 |
cpe:/a:redhat:trusted_artifact_signer:1.3::el9 |
|
| Red Hat | Red Hat Web Terminal 1.11 |
cpe:/a:redhat:webterminal:1.11::el9 |
|
| Red Hat | Red Hat Web Terminal 1.12 |
cpe:/a:redhat:webterminal:1.12::el9 |
|
| Red Hat | Red Hat Web Terminal 1.13 |
cpe:/a:redhat:webterminal:1.13::el9 |
|
| Red Hat | Red Hat Web Terminal 1.14 |
cpe:/a:redhat:webterminal:1.14::el9 |
|
| Red Hat | Red Hat Web Terminal 1.15 |
cpe:/a:redhat:webterminal:1.15::el9 |
|
| Red Hat | mirror registry for Red Hat OpenShift 2.0 |
cpe:/a:redhat:mirror_registry:2.0::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.10 |
cpe:/a:redhat:multicluster_engine:2.10::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.11 |
cpe:/a:redhat:multicluster_engine:2.11::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.17 |
cpe:/a:redhat:multicluster_engine:2.17::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.6 |
cpe:/a:redhat:multicluster_engine:2.6::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.8 |
cpe:/a:redhat:multicluster_engine:2.8::el8 |
|
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 |
cpe:/a:redhat:assisted_installer:2 |
|
| Red Hat | cert-manager Operator for Red Hat OpenShift |
cpe:/a:redhat:cert_manager:1 |
|
| Red Hat | Confidential Compute Attestation |
cpe:/a:redhat:confidential_compute_attestation:1 |
|
| Red Hat | Deployment Validation Operator |
cpe:/a:redhat:deployment_validator_operator |
|
| Red Hat | External Secrets Operator for Red Hat OpenShift |
cpe:/a:redhat:external_secrets_operator:1 |
|
| Red Hat | ExternalDNS Operator |
cpe:/a:redhat:ext_dns_optr:1 |
|
| Red Hat | Fence Agents Remediation Operator |
cpe:/a:redhat:workload_availability_far:0 |
|
| Red Hat | File Integrity Operator |
cpe:/a:redhat:openshift_file_integrity_operator:1 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift |
cpe:/a:redhat:logging:5 |
|
| Red Hat | Logical Volume Manager Storage |
cpe:/a:redhat:lvms:4 |
|
| Red Hat | Machine Deletion Remediation Operator |
cpe:/a:redhat:workload_availability_mdr:0 |
|
| Red Hat | Migration Toolkit for Containers |
cpe:/a:redhat:rhmt:1 |
|
| Red Hat | mirror registry for Red Hat OpenShift |
cpe:/a:redhat:mirror_registry:1 |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
|
| Red Hat | Red Hat AI Inference Server |
cpe:/a:redhat:ai_inference_server:3 |
|
| Red Hat | Red Hat Certification Program for Red Hat Enterprise Linux 9 |
cpe:/a:redhat:certifications:9 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Cluster Manager CLI |
cpe:/a:redhat:openshift_cluster_manager_cli:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat Openshift Data Foundation 4 |
cpe:/a:redhat:openshift_data_foundation:4 |
|
| Red Hat | Red Hat OpenShift Dev Workspaces Operator |
cpe:/a:redhat:devworkspace |
|
| Red Hat | Red Hat OpenShift GitOps |
cpe:/a:redhat:openshift_gitops:1 |
|
| Red Hat | Red Hat OpenShift on AWS |
cpe:/a:redhat:openshift_service_on_aws:1 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Security Profiles Operator |
cpe:/a:redhat:openshift_security_profiles_operator:1 |
|
| Red Hat | Zero Trust Workload Identity Manager |
cpe:/a:redhat:zero_trust_workload_identity_manager:1 |
|
| Red Hat | Zero Trust Workload Identity Manager - Tech Preview |
cpe:/a:redhat:zero_trust_workload_identity_manager:0 |
|
| Red Hat | Migration Toolkit for Applications 8 |
cpe:/a:redhat:migration_toolkit_applications:8 |
|
| Red Hat | Node HealthCheck Operator |
cpe:/a:redhat:workload_availability_nhc:0 |
|
| Red Hat | OpenShift Service Mesh 2 |
cpe:/a:redhat:service_mesh:2 |
|
| Red Hat | OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3 |
|
| Red Hat | Power monitoring for Red Hat OpenShift |
cpe:/a:redhat:openshift_power_monitoring |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat OpenShift for Windows Containers |
cpe:/a:redhat:windows_machine_config |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
|
| Red Hat | Red Hat Service Interconnect 1 |
cpe:/a:redhat:service_interconnect:1 |
|
| Red Hat | Red Hat Service Interconnect 2 |
cpe:/a:redhat:service_interconnect:2 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-32280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T17:46:14.569488Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:46:47.347Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el10",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el8",
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el8",
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.17::el8",
"cpe:/a:redhat:openshift:4.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el8",
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el8",
"cpe:/a:redhat:satellite_capsule:6.16::el8",
"cpe:/a:redhat:satellite_maintenance:6.16::el8",
"cpe:/a:redhat:satellite_utils:6.16::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.5 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9",
"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4::el9"
],
"defaultStatus": "affected",
"product": "Cryostat 4 on RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "RHEM 1.0 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1",
"cpe:/a:redhat:openstack:17.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el8",
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.16::el9",
"cpe:/a:redhat:satellite_capsule:6.16::el9",
"cpe:/a:redhat:satellite_maintenance:6.16::el9",
"cpe:/a:redhat:satellite_utils:6.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.16 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6.19::el9",
"cpe:/a:redhat:satellite_capsule:6.19::el9",
"cpe:/a:redhat:satellite_maintenance:6.19::el9",
"cpe:/a:redhat:satellite_utils:6.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6.19 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.1",
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_aus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_tus:8.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9"
],
"defaultStatus": "affected",
"product": "Custom Metric Autoscaler 2.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:apache_camel_hawtio:4.4::el9"
],
"defaultStatus": "affected",
"product": "HawtIO HawtIO 4.4.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.0::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.4::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.4::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.4.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.5::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.5.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub:1.6::el9"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub 1.6.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1.11::el9"
],
"defaultStatus": "affected",
"product": "Network Observability (NETOBSERV) 1.11.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1.5::el9"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1::el9"
],
"defaultStatus": "affected",
"product": "OpenShift Compliance Operator 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2.6::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.8::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub 1.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Lightspeed (formerly Insights) for Runtimes 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai:2.25::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI 2.25",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.28::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.28",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift distributed tracing 3.9.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:stf:1.5::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack 1.5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.14::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.15::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.17::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.11::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.12::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal 1.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:2.0::el8"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift 2.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.10::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.11::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.17::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.17",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:deployment_validator_operator"
],
"defaultStatus": "affected",
"product": "Deployment Validation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "affected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ext_dns_optr:1"
],
"defaultStatus": "affected",
"product": "ExternalDNS Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_far:0"
],
"defaultStatus": "affected",
"product": "Fence Agents Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1"
],
"defaultStatus": "affected",
"product": "File Integrity Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:5"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "affected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_mdr:0"
],
"defaultStatus": "affected",
"product": "Machine Deletion Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:mirror_registry:1"
],
"defaultStatus": "affected",
"product": "mirror registry for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ai_inference_server:3"
],
"defaultStatus": "affected",
"product": "Red Hat AI Inference Server",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Workspaces Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "affected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "unaffected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "unaffected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3"
],
"defaultStatus": "unaffected",
"product": "OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "unaffected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "unaffected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
}
],
"datePublic": "2026-04-08T01:06:58.595Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T12:05:46.414Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"name": "RHBZ#2456339",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28886"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28961"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34097"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21655"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25180"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:27076"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14391"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28047"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23244"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34365"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20569"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23103"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19715"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19550"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18032"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:18027"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17084"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19719"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19750"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20570"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22713"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19714"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19450"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10217"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23102"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19133"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22141"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19144"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19135"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24470"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22130"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24716"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33722"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10704"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16875"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11507"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11514"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:15980"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19634"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34192"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34196"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34197"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19721"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20607"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20608"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19722"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20556"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19839"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28038"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19720"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22709"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:17287"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24337"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20609"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14200"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:10219"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19350"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19353"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26447"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22309"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29702"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28074"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26636"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25089"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26585"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16874"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:29854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26571"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25127"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13829"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20889"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13791"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36319"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13545"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21338"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:13826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36651"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22485"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24977"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24359"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21772"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:11688"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16476"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16505"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16532"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16508"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16535"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16537"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16542"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16477"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:16534"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14162"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:9385"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:14020"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21017"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19375"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22465"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23361"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24478"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22960"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22958"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22962"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22959"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22961"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28441"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22422"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22268"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22415"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28198"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28196"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22258"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:22260"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:16101: Red Hat Enterprise Linux Server (v. 7 ELS)"
},
{
"lang": "en",
"value": "RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28886: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:28961: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:34097: Red Hat OpenShift Container Platform 4.17"
},
{
"lang": "en",
"value": "RHSA-2026:21655: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:25180: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:14391: Cryostat 4 on RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:28047: Red Hat OpenStack Platform 17.1"
},
{
"lang": "en",
"value": "RHSA-2026:23244: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:23103: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:16024: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19550: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:18032: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:18027: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19750: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:20570: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:22713: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19714: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:20571: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19450: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:10217: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:29195: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:23102: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19133: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22141: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19144: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:24470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:22130: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:29035: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:24716: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:33722: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:10704: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:16875: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:11507: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:11514: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:15980: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:34192: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:34196: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:34197: Red Hat Enterprise Linux AppStream E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20608: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19722: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:16021: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20556: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19839: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:22709: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:24337: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:14200: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:10219: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29703: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19350: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:26447: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:22309: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:29702: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:28074: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:26636: Custom Metric Autoscaler 2.19"
},
{
"lang": "en",
"value": "RHSA-2026:25089: HawtIO HawtIO 4.4.0"
},
{
"lang": "en",
"value": "RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0"
},
{
"lang": "en",
"value": "RHSA-2026:22862: Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"lang": "en",
"value": "RHSA-2026:22347: Multicluster Global Hub 1.4.5"
},
{
"lang": "en",
"value": "RHSA-2026:21769: Multicluster Global Hub 1.5.4"
},
{
"lang": "en",
"value": "RHSA-2026:23345: Multicluster Global Hub 1.6.2"
},
{
"lang": "en",
"value": "RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2"
},
{
"lang": "en",
"value": "RHSA-2026:29854: OpenShift API for Data Protection 1.4"
},
{
"lang": "en",
"value": "RHSA-2026:26568: OpenShift API for Data Protection 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:26571: OpenShift Compliance Operator 1"
},
{
"lang": "en",
"value": "RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14"
},
{
"lang": "en",
"value": "RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:36319: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:21338: Red Hat Developer Hub 1.8"
},
{
"lang": "en",
"value": "RHSA-2026:13826: Red Hat Developer Hub 1.9"
},
{
"lang": "en",
"value": "RHSA-2026:36651: Red Hat Edge Manager 1.0"
},
{
"lang": "en",
"value": "RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1"
},
{
"lang": "en",
"value": "RHSA-2026:24977: Red Hat OpenShift AI 2.25"
},
{
"lang": "en",
"value": "RHSA-2026:24359: Red Hat OpenShift Builds 1.7.4"
},
{
"lang": "en",
"value": "RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"
},
{
"lang": "en",
"value": "RHSA-2026:11688: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:16505: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:16508: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:16537: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:16477: Red Hat OpenShift Service Mesh 3"
},
{
"lang": "en",
"value": "RHSA-2026:16534: Red Hat OpenShift Service Mesh 3"
},
{
"lang": "en",
"value": "RHSA-2026:14162: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3"
},
{
"lang": "en",
"value": "RHSA-2026:14020: Red Hat OpenStack 1.5"
},
{
"lang": "en",
"value": "RHSA-2026:22840: Red Hat Quay 3.10"
},
{
"lang": "en",
"value": "RHSA-2026:21017: Red Hat Quay 3.14"
},
{
"lang": "en",
"value": "RHSA-2026:24853: Red Hat Quay 3.15"
},
{
"lang": "en",
"value": "RHSA-2026:19375: Red Hat Quay 3.16"
},
{
"lang": "en",
"value": "RHSA-2026:22465: Red Hat Quay 3.17"
},
{
"lang": "en",
"value": "RHSA-2026:23361: Red Hat Quay 3.9"
},
{
"lang": "en",
"value": "RHSA-2026:24478: Red Hat Trusted Artifact Signer 1.3"
},
{
"lang": "en",
"value": "RHSA-2026:22960: Red Hat Web Terminal 1.11"
},
{
"lang": "en",
"value": "RHSA-2026:22958: Red Hat Web Terminal 1.12"
},
{
"lang": "en",
"value": "RHSA-2026:22962: Red Hat Web Terminal 1.13"
},
{
"lang": "en",
"value": "RHSA-2026:22959: Red Hat Web Terminal 1.14"
},
{
"lang": "en",
"value": "RHSA-2026:22961: Red Hat Web Terminal 1.15"
},
{
"lang": "en",
"value": "RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0"
},
{
"lang": "en",
"value": "RHSA-2026:22422: multicluster engine for Kubernetes 2.10"
},
{
"lang": "en",
"value": "RHSA-2026:22268: multicluster engine for Kubernetes 2.11"
},
{
"lang": "en",
"value": "RHSA-2026:22415: multicluster engine for Kubernetes 2.17"
},
{
"lang": "en",
"value": "RHSA-2026:28198: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:28196: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:22258: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:22260: multicluster engine for Kubernetes 2.8"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-04-08T02:01:19.572Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-04-08T01:06:58.595Z",
"value": "Made public."
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "crypto/x509",
"product": "crypto/x509",
"programRoutines": [
{
"name": "Certificate.buildChains"
},
{
"name": "Certificate.Verify"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.25.9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.26.2",
"status": "affected",
"version": "1.26.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek - https://ciolek.dev"
}
],
"descriptions": [
{
"lang": "en",
"value": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T01:06:58.595Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/758320"
},
{
"url": "https://go.dev/issue/78282"
},
{
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"title": "Unexpected work during chain building in crypto/x509"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-32280",
"datePublished": "2026-04-08T01:06:58.595Z",
"dateReserved": "2026-03-11T16:38:46.555Z",
"dateUpdated": "2026-07-10T12:05:46.414Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-32280",
"date": "2026-07-13",
"epss": "0.00615",
"percentile": "0.45316"
},
"microsoft_vex": {
"current_release_date": "2026-06-09T01:40:50.000Z",
"cve": "CVE-2026-32280",
"id": "msrc_CVE-2026-32280",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"product_status:known_affected": "7",
"product_status:known_not_affected": "8",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Unexpected work during chain building in crypto/x509",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-32280.json",
"version": "5"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32280\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-04-08T02:16:03.247\",\"lastModified\":\"2026-07-10T12:16:38.577\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"Go standard library\",\"product\":\"crypto/x509\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"crypto/x509\",\"programRoutines\":[{\"name\":\"Certificate.buildChains\"},{\"name\":\"Certificate.Verify\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"1.25.9\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"1.26.0-0\",\"lessThan\":\"1.26.2\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.14::el8\",\"cpe:/a:redhat:openshift:4.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.15::el8\",\"cpe:/a:redhat:openshift:4.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.17::el8\",\"cpe:/a:redhat:openshift:4.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.18\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.18::el8\",\"cpe:/a:redhat:openshift:4.18::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.16 for RHEL 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.16::el8\",\"cpe:/a:redhat:satellite_capsule:6.16::el8\",\"cpe:/a:redhat:satellite_maintenance:6.16::el8\",\"cpe:/a:redhat:satellite_utils:6.16::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.5 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\",\"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4 on RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"RHEM 1.0 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\",\"cpe:/a:redhat:openstack:17.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.19::el8\",\"cpe:/a:redhat:openshift:4.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.16 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.16::el9\",\"cpe:/a:redhat:satellite_capsule:6.16::el9\",\"cpe:/a:redhat:satellite_maintenance:6.16::el9\",\"cpe:/a:redhat:satellite_utils:6.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6.19 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6.19::el9\",\"cpe:/a:redhat:satellite_capsule:6.19::el9\",\"cpe:/a:redhat:satellite_maintenance:6.19::el9\",\"cpe:/a:redhat:satellite_utils:6.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\",\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat CodeReady Linux Builder EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::crb\"]},{\"vendor\":\"Red Hat\",\"product\":\"Custom Metric Autoscaler 2.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"HawtIO HawtIO 4.4.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:apache_camel_hawtio:4.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.4.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.5.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub 1.6.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability (NETOBSERV) 1.11.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Compliance Operator 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.8::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub 1.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Lightspeed (formerly Insights) for Runtimes 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI 2.25\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai:2.25::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.7.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.28\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.28::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift distributed tracing 3.9.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack 1.5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:stf:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.14::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.15::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.16\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.16::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.12\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.12::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.14\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.14::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal 1.15\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1.15::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift 2.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:2.0::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.10::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.17\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.17::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.8::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Deployment Validation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:deployment_validator_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"ExternalDNS Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ext_dns_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Fence Agents Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_far:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"File Integrity Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_file_integrity_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logical Volume Manager Storage\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lvms:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Machine Deletion Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_mdr:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"mirror registry for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:mirror_registry:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat 3scale API Management Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_3scale_amp:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat AI Inference Server\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ai_inference_server:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification Program for Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:certifications:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Cluster Manager CLI\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Workspaces Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:devworkspace\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 16.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:16.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Security Profiles Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_security_profiles_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Applications 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_applications:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Service Mesh 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Power monitoring for Red Hat OpenShift\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_power_monitoring\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows Containers\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 1\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-04-08T17:46:14.569488Z\",\"id\":\"CVE-2026-32280\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.25.9\",\"matchCriteriaId\":\"C6C9C072-9817-402D-877F-F83584B07017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.26.0\",\"versionEndExcluding\":\"1.26.2\",\"matchCriteriaId\":\"39FE9BAF-55E9-43AA-B14E-239E7EF1D65D\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/758320\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/78282\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Release Notes\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4947\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10217\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10219\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:10704\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11507\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11514\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:11688\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13545\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13791\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13826\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:13829\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14020\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14162\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14200\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:14391\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:15980\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16021\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16024\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16101\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16476\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16477\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16505\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16508\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16532\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16534\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16535\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16537\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16542\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16874\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:16875\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17084\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:17287\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18027\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:18032\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19133\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19135\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19144\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19350\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19353\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19375\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19450\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19550\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19634\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19714\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19715\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19719\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19720\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19721\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19722\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19750\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:19839\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20556\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20569\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20570\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20571\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20607\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20608\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20609\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:20889\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21017\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21338\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21655\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21769\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:21772\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22130\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22141\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22258\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22260\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22268\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22309\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22347\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22415\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22422\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22465\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22485\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22709\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22713\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22840\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22862\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22958\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22959\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22960\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22961\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:22962\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23102\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23103\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23244\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23345\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23361\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24337\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24359\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24470\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24478\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24716\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24761\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24762\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24853\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:24977\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25089\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25127\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:25180\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26447\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26568\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26571\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26585\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26636\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:27076\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28038\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28047\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28074\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28196\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28198\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28441\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28886\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:28961\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29035\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29195\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29455\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29702\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29703\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:29854\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33722\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34097\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34192\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34196\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34197\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34365\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36319\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36651\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36796\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9385\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-32280\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2456339\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-13T23:04:10+00:00",
"cve": "CVE-2026-32280",
"id": "CVE-2026-32280",
"initial_release_date": "2026-04-08T01:06:58.595000+00:00",
"product_status:fixed": "2567",
"product_status:known_affected": "187",
"product_status:known_not_affected": "2664",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el10\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux Server (v. 7 ELS)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el8\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.14::el8\", \"cpe:/a:redhat:openshift:4.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.15::el8\", \"cpe:/a:redhat:openshift:4.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.17::el8\", \"cpe:/a:redhat:openshift:4.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.18::el8\", \"cpe:/a:redhat:openshift:4.18::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.18\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el8\", \"cpe:/a:redhat:satellite_capsule:6.16::el8\", \"cpe:/a:redhat:satellite_maintenance:6.16::el8\", \"cpe:/a:redhat:satellite_utils:6.16::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.5::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.5 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9\", \"cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4 on RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"RHEM 1.0 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\", \"cpe:/a:redhat:openstack:17.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4.19::el8\", \"cpe:/a:redhat:openshift:4.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.16::el9\", \"cpe:/a:redhat:satellite_capsule:6.16::el9\", \"cpe:/a:redhat:satellite_maintenance:6.16::el9\", \"cpe:/a:redhat:satellite_utils:6.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.16 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6.19::el9\", \"cpe:/a:redhat:satellite_capsule:6.19::el9\", \"cpe:/a:redhat:satellite_maintenance:6.19::el9\", \"cpe:/a:redhat:satellite_utils:6.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6.19 for RHEL 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\", \"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat CodeReady Linux Builder EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.19::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Custom Metric Autoscaler 2.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:apache_camel_hawtio:4.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"HawtIO HawtIO 4.4.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.4.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.5.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub:1.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub 1.6.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:network_observ_optr:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Network Observability (NETOBSERV) 1.11.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection 1.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Compliance Operator 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2.6::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.8::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub 1.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Edge Manager 1.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lightspeed_for_runtimes:1.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Lightspeed (formerly Insights) for Runtimes 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai:2.25::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI 2.25\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_builds:1.7::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Builds 1.7.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3.28::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces 3.28\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_distributed_tracing:3.9::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift distributed tracing 3.9.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:stf:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack 1.5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.14::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.15::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.16::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.16\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer 1.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.11\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.12::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.12\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.14::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.14\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1.15::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal 1.15\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:2.0::el8\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift 2.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.11\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.17::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.17\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.8::el8\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:assisted_installer:2\"], \"vendor\": \"Red Hat\", \"product\": \"Assisted Installer for Red Hat OpenShift Container Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:deployment_validator_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Deployment Validation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:external_secrets_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"External Secrets Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ext_dns_optr:1\"], \"vendor\": \"Red Hat\", \"product\": \"ExternalDNS Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_far:0\"], \"vendor\": \"Red Hat\", \"product\": \"Fence Agents Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"File Integrity Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:gatekeeper:3\"], \"vendor\": \"Red Hat\", \"product\": \"Gatekeeper 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:5\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lvms:4\"], \"vendor\": \"Red Hat\", \"product\": \"Logical Volume Manager Storage\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_mdr:0\"], \"vendor\": \"Red Hat\", \"product\": \"Machine Deletion Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhmt:1\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:mirror_registry:1\"], \"vendor\": \"Red Hat\", \"product\": \"mirror registry for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ocp_tools\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_lightspeed\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Lightspeed\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:serverless:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Serverless\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_3scale_amp:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat 3scale API Management Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ai_inference_server:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat AI Inference Server\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:certifications:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Certification Program for Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:connectivity_link:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Connectivity Link 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Cluster Manager CLI\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:devworkspace\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Workspaces Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_service_on_aws:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift on AWS\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:16.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 16.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 18.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_security_profiles_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Security Profiles Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_applications:8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Applications 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_nhc:0\"], \"vendor\": \"Red Hat\", \"product\": \"Node HealthCheck Operator\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Service Mesh 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_power_monitoring\"], \"vendor\": \"Red Hat\", \"product\": \"Power monitoring for Red Hat OpenShift\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:windows_machine_config\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift for Windows Containers\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 1\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 2\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 3\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-04-08T02:01:19.572Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-04-08T01:06:58.595Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:24762: Red Hat Ansible Automation Platform 2.6 for RHEL 10, Red Hat Ansible Automation Platform 2.6 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16101: Red Hat Enterprise Linux Server (v. 7 ELS)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24761: Red Hat Ansible Automation Platform 2.5 for RHEL 8, Red Hat Ansible Automation Platform 2.5 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28886: Red Hat OpenShift Container Platform 4.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28961: Red Hat OpenShift Container Platform 4.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34097: Red Hat OpenShift Container Platform 4.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21655: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25180: Red Hat OpenShift Container Platform 4.18\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:27076: Red Hat Satellite 6.16 for RHEL 8, Red Hat Satellite 6.16 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14391: Cryostat 4 on RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36796: RHEM 1.0 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28047: Red Hat OpenStack Platform 17.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23244: Red Hat OpenShift Container Platform 4.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34365: Red Hat Satellite 6.19 for RHEL 9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20569: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23103: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19715: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16024: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19550: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:18032: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:18027: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17084: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19719: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19750: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20570: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22713: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19714: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20571: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19450: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10217: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29195: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23102: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19133: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22141: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19144: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19135: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24470: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22130: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29035: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24716: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33722: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10704: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16875: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11507: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11514: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:15980: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19634: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34192: Red Hat Enterprise Linux AppStream E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34196: Red Hat Enterprise Linux AppStream E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34197: Red Hat Enterprise Linux AppStream E4S (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19721: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20607: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20608: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19722: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16021: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20556: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19839: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28038: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19720: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22709: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:17287: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24337: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20609: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14200: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:10219: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29455: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29703: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19350: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19353: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26447: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22309: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29702: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28074: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26636: Custom Metric Autoscaler 2.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25089: HawtIO HawtIO 4.4.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26585: Logging Subsystem for Red Hat OpenShift 6.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22862: Logging Subsystem for Red Hat OpenShift 6.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22347: Multicluster Global Hub 1.4.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21769: Multicluster Global Hub 1.5.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23345: Multicluster Global Hub 1.6.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16874: Network Observability (NETOBSERV) 1.11.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:29854: OpenShift API for Data Protection 1.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26568: OpenShift API for Data Protection 1.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26571: OpenShift Compliance Operator 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:25127: Red Hat Advanced Cluster Management for Kubernetes 2.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13829: Red Hat Advanced Cluster Security for Kubernetes 4.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:20889: Red Hat Advanced Cluster Security for Kubernetes 4.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13791: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36319: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13545: Red Hat Ansible Automation Platform 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21338: Red Hat Developer Hub 1.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:13826: Red Hat Developer Hub 1.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36651: Red Hat Edge Manager 1.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22485: Red Hat Lightspeed (formerly Insights) for Runtimes 1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24977: Red Hat OpenShift AI 2.25\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24359: Red Hat OpenShift Builds 1.7.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:11688: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16476: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16477: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16534: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16505: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16532: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16508: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16535: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16537: Red Hat OpenShift Service Mesh 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:16542: Red Hat OpenShift Service Mesh 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14162: Red Hat OpenShift distributed tracing 3.9.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9385: Red Hat OpenShift distributed tracing 3.9.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:14020: Red Hat OpenStack 1.5\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22840: Red Hat Quay 3.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:21017: Red Hat Quay 3.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24853: Red Hat Quay 3.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:19375: Red Hat Quay 3.16\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22465: Red Hat Quay 3.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23361: Red Hat Quay 3.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:24478: Red Hat Trusted Artifact Signer 1.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22960: Red Hat Web Terminal 1.11\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22958: Red Hat Web Terminal 1.12\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22962: Red Hat Web Terminal 1.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22959: Red Hat Web Terminal 1.14\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22961: Red Hat Web Terminal 1.15\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28441: mirror registry for Red Hat OpenShift 2.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22422: multicluster engine for Kubernetes 2.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22268: multicluster engine for Kubernetes 2.11\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22415: multicluster engine for Kubernetes 2.17\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28198: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:28196: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22258: multicluster engine for Kubernetes 2.8\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:22260: multicluster engine for Kubernetes 2.8\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-04-08T01:06:58.595Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-32280\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2456339\", \"name\": \"RHBZ#2456339\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32280.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24762\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16101\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24761\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28886\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28961\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34097\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21655\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25180\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:27076\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14391\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36796\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28047\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23244\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34365\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20569\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23103\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19715\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16024\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19550\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:18032\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:18027\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17084\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19719\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19750\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20570\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22713\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19714\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20571\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19450\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10217\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29195\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23102\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19133\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22141\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19144\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19135\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24470\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22130\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29035\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24716\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33722\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10704\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16875\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11507\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11514\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:15980\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19634\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34192\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34196\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34197\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19721\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20607\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20608\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19722\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16021\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20556\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19839\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28038\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19720\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22709\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:17287\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24337\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20609\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14200\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:10219\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29455\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29703\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19350\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19353\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26447\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22309\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29702\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28074\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26636\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25089\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26585\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22862\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22347\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21769\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23345\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16874\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:29854\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26568\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26571\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:25127\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13829\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:20889\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13791\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36319\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13545\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21338\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:13826\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36651\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22485\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24977\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24359\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21772\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:11688\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16476\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16477\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16534\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16505\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16532\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16508\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16535\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16537\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:16542\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14162\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9385\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:14020\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22840\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:21017\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24853\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:19375\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22465\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23361\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:24478\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22960\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22958\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22962\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22959\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22961\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28441\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22422\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22268\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22415\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28198\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:28196\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22258\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:22260\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-09T12:09:15.670Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32280\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-08T17:46:14.569488Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-08T17:45:30.925Z\"}}], \"cna\": {\"title\": \"Unexpected work during chain building in crypto/x509\", \"credits\": [{\"lang\": \"en\", \"value\": \"Jakub Ciolek - https://ciolek.dev\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/x509\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.25.9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-0\", \"lessThan\": \"1.26.2\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/x509\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Certificate.buildChains\"}, {\"name\": \"Certificate.Verify\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/758320\"}, {\"url\": \"https://go.dev/issue/78282\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4947\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-04-08T01:06:58.595Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32280\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-09T12:09:15.670Z\", \"dateReserved\": \"2026-03-11T16:38:46.555Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-04-08T01:06:58.595Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:22713
Vulnerability from csaf_redhat - Published: 2026-06-03 07:49 - Updated: 2026-07-13 23:21A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for rhc is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and subscription management.\n\nSecurity Fix(es):\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22713",
"url": "https://access.redhat.com/errata/RHSA-2026:22713"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22713.json"
}
],
"title": "Red Hat Security Advisory: rhc security update",
"tracking": {
"current_release_date": "2026-07-13T23:21:50+00:00",
"generator": {
"date": "2026-07-13T23:21:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22713",
"initial_release_date": "2026-06-03T07:49:12+00:00",
"revision_history": [
{
"date": "2026-06-03T07:49:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T07:49:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:21:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-4.el10_0.src",
"product": {
"name": "rhc-1:0.3.2-4.el10_0.src",
"product_id": "rhc-1:0.3.2-4.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-4.el10_0?arch=src\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-4.el10_0.aarch64",
"product": {
"name": "rhc-1:0.3.2-4.el10_0.aarch64",
"product_id": "rhc-1:0.3.2-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-4.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"product": {
"name": "rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"product_id": "rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.2-4.el10_0?arch=aarch64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"product": {
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"product_id": "rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.2-4.el10_0?arch=aarch64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-4.el10_0.ppc64le",
"product": {
"name": "rhc-1:0.3.2-4.el10_0.ppc64le",
"product_id": "rhc-1:0.3.2-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-4.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"product": {
"name": "rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"product_id": "rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.2-4.el10_0?arch=ppc64le\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"product": {
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"product_id": "rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.2-4.el10_0?arch=ppc64le\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-4.el10_0.s390x",
"product": {
"name": "rhc-1:0.3.2-4.el10_0.s390x",
"product_id": "rhc-1:0.3.2-4.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-4.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"product": {
"name": "rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"product_id": "rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.2-4.el10_0?arch=s390x\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"product": {
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"product_id": "rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.2-4.el10_0?arch=s390x\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhc-1:0.3.2-4.el10_0.x86_64",
"product": {
"name": "rhc-1:0.3.2-4.el10_0.x86_64",
"product_id": "rhc-1:0.3.2-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc@0.3.2-4.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debugsource-1:0.3.2-4.el10_0.x86_64",
"product": {
"name": "rhc-debugsource-1:0.3.2-4.el10_0.x86_64",
"product_id": "rhc-debugsource-1:0.3.2-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debugsource@0.3.2-4.el10_0?arch=x86_64\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"product": {
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"product_id": "rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhc-debuginfo@0.3.2-4.el10_0?arch=x86_64\u0026epoch=1"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64"
},
"product_reference": "rhc-1:0.3.2-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le"
},
"product_reference": "rhc-1:0.3.2-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-4.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x"
},
"product_reference": "rhc-1:0.3.2-4.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-4.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src"
},
"product_reference": "rhc-1:0.3.2-4.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-1:0.3.2-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64"
},
"product_reference": "rhc-1:0.3.2-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64"
},
"product_reference": "rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le"
},
"product_reference": "rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x"
},
"product_reference": "rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debuginfo-1:0.3.2-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64"
},
"product_reference": "rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.2-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64"
},
"product_reference": "rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.2-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le"
},
"product_reference": "rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.2-4.el10_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x"
},
"product_reference": "rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhc-debugsource-1:0.3.2-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
},
"product_reference": "rhc-debugsource-1:0.3.2-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T07:49:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22713"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T07:49:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22713"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T07:49:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22713"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T07:49:12+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22713"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:rhc-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debuginfo-1:0.3.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.s390x",
"AppStream-10.0.Z.E2S:rhc-debugsource-1:0.3.2-4.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:22840
Vulnerability from csaf_redhat - Published: 2026-06-03 13:02 - Updated: 2026-07-14 06:51A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application's internal network, potentially leading to the disclosure of sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library's failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application's core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution "Gadget" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — | ||
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.22 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.22",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22840",
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62718",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2377",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32589",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32590",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33894",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39892",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40192",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-40895",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42033",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42035",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42039",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42041",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42043",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42044",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4598",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22840.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.22",
"tracking": {
"current_release_date": "2026-07-14T06:51:48+00:00",
"generator": {
"date": "2026-07-14T06:51:48+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22840",
"initial_release_date": "2026-06-03T13:02:46+00:00",
"revision_history": [
{
"date": "2026-06-03T13:02:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T13:02:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T06:51:48+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.10",
"product": {
"name": "Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779218527"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779218498"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Abcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779218452"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6?arch=s390x\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779218496"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ae2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779218475"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Aa1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1?arch=s390x\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779822261"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-bundle\u0026tag=1779219004"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ac198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779218498"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3Afa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-bundle\u0026tag=1779219320"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aa7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779218452"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8\u0026tag=1779218989"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779218527"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778?arch=amd64\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779218496"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-bundle\u0026tag=1779825814"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779218475"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc?arch=amd64\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779822261"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-container-security-operator-rhel8\u0026tag=1779218498"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ae4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-bridge-operator-rhel8\u0026tag=1779218452"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Ac9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-builder-rhel8\u0026tag=1779218527"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/clair-rhel8\u0026tag=1779218496"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ac177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-operator-rhel8\u0026tag=1779218475"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5?arch=ppc64le\u0026repository_url=registry.redhat.io/quay/quay-rhel8\u0026tag=1779822261"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64 as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le as a component of Red Hat Quay 3.10",
"product_id": "Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-2377",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-02-11T21:02:44.495000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439201"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay and mirror registry for Red Hat OpenShift. The log export feature in these products allows an authenticated user to specify an arbitrary callback URL. A backend process then makes server-side HTTP requests to this provided URL. This vulnerability, known as Server-Side Request Forgery (SSRF), could allow an attacker to send requests from the application\u0027s internal network, potentially leading to the disclosure of sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Due to the intended and supported use case of Openshift Mirror Registry, deployment in an offline or network-isolated environment, the impact for this product has been downgraded to `Moderate`.\n\nEven in case of compromise, the blast radius is restricted to mirror-registry. It can not be escalated outside the core product. This vulnerability has been scored based on the lack of change of scope.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2377"
},
{
"category": "external",
"summary": "RHBZ#2439201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439201"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2377",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2377"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2377"
}
],
"release_date": "2026-04-08T16:18:10.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality"
},
{
"cve": "CVE-2026-4598",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-03-23T06:01:47.891452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450210"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service (DoS) by hanging the process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "IMPORTANT: A denial of service flaw was found in jsrsasign. This vulnerability allows a remote attacker to cause a permanent denial of service by providing specially crafted zero or negative inputs to the bnModInverse function, leading to an infinite loop. This affects Red Hat Migration Toolkit for Virtualization and Red Hat Quay, which utilize the vulnerable jsrsasign component.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4598"
},
{
"category": "external",
"summary": "RHBZ#2450210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4598"
},
{
"category": "external",
"summary": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264",
"url": "https://gist.github.com/Kr0emer/a1bf5cd4547cc630d2dcc5e761de8264"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323",
"url": "https://github.com/kjur/jsrsasign/commit/ca5b027240287a1e71fe63019fc4400332594323"
},
{
"category": "external",
"summary": "https://github.com/kjur/jsrsasign/pull/648",
"url": "https://github.com/kjur/jsrsasign/pull/648"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-15370938"
}
],
"release_date": "2026-03-23T05:00:11.571000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32589",
"cwe": {
"id": "CWE-639",
"name": "Authorization Bypass Through User-Controlled Key"
},
"discovery_date": "2026-03-12T14:43:07.878000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446963"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user\u0027s in-progress image upload.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: quay: insecure direct object reference in BlobUpload",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials to the Quay registry. Unauthenticated users cannot exploit this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32589"
},
{
"category": "external",
"summary": "RHBZ#2446963",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446963"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32589",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32589"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32589"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "mirror-registry: quay: insecure direct object reference in BlobUpload"
},
{
"acknowledgments": [
{
"names": [
"Antony Di Scala",
"Michael Whale"
]
}
],
"cve": "CVE-2026-32590",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2026-03-12T14:43:11.443000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446964"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Red Hat Quay\u0027s handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "mirror-registry: remote code execution using pickle deserialization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation requires valid login credentials. The attacker must be authenticated to the registry, either through the web interface or through a container tool such as Podman.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32590"
},
{
"category": "external",
"summary": "RHBZ#2446964",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446964"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32590"
}
],
"release_date": "2026-04-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "mirror-registry: remote code execution using pickle deserialization"
},
{
"cve": "CVE-2026-33894",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-27T21:02:52.462999+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Forge (also called `node-forge`), a JavaScript implementation of Transport Layer Security. A remote attacker could exploit weaknesses in the RSASSA PKCS#1 v1.5 signature verification process. By crafting malicious signatures that include extra data within the ASN structure and do not meet padding requirements, an attacker can bypass signature validation. This allows for the creation of forged signatures that appear legitimate, potentially compromising the integrity and authenticity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33894"
},
{
"category": "external",
"summary": "RHBZ#2452464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33894",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33894"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33894"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc2313#section-8",
"url": "https://datatracker.ietf.org/doc/html/rfc2313#section-8"
},
{
"category": "external",
"summary": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp",
"url": "https://github.com/digitalbazaar/forge/security/advisories/GHSA-ppp5-5v6c-4jwp"
},
{
"category": "external",
"summary": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE",
"url": "https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc8017.html",
"url": "https://www.rfc-editor.org/rfc/rfc8017.html"
}
],
"release_date": "2026-03-27T20:45:49.583000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
},
{
"cve": "CVE-2026-39892",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-08T22:00:59.416053+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456735"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cryptography library. This vulnerability occurs when a non-contiguous buffer is passed to certain application programming interfaces (APIs) that accept Python buffers, such as Hash.update(). A remote attacker could exploit this to cause a buffer overflow, potentially leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In default configurations Red Hat products isolate service processes from total system access. Should an attacker be able to exploit this vulnerability their impact will be limited to that service account and they will not have access to the broader system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39892"
},
{
"category": "external",
"summary": "RHBZ#2456735",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456735"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39892",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39892"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2026/04/08/12",
"url": "http://www.openwall.com/lists/oss-security/2026/04/08/12"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5",
"url": "https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq"
}
],
"release_date": "2026-04-08T20:49:41.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: Cryptography: Buffer overflow via non-contiguous buffer in API"
},
{
"cve": "CVE-2026-40192",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-04-16T00:00:49.590876+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2458856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Pillow, a Python imaging library. This vulnerability allows a remote attacker to trigger a denial of service (DoS) by providing a specially crafted FITS image file. The library\u0027s failure to limit the amount of GZIP-compressed data during decoding can lead to unbounded memory consumption, causing the system to crash or experience severe performance issues.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40192"
},
{
"category": "external",
"summary": "RHBZ#2458856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2458856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40192",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40192"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628",
"url": "https://github.com/python-pillow/Pillow/commit/3cb854e8b2bab43f40e342e665f9340d861aa628"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/pull/9521",
"url": "https://github.com/python-pillow/Pillow/pull/9521"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-whj4-6x5x-4v2j"
},
{
"category": "external",
"summary": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html#prevent-fits-decompression-bomb"
}
],
"release_date": "2026-04-15T22:53:56.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Pillow: Pillow: Denial of Service via decompression bomb in FITS image processing"
},
{
"cve": "CVE-2026-40895",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2026-04-21T21:02:33.280553+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460297"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in follow-redirects. When an HTTP request follows a cross-domain redirect (a redirection to a different domain), custom authentication headers, such as X-API-Key or X-Auth-Token, are not properly stripped. This allows these sensitive headers to be forwarded verbatim to the redirect target, potentially leading to the unintended disclosure of authentication information to an untrusted third party.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40895"
},
{
"category": "external",
"summary": "RHBZ#2460297",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460297"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40895",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40895"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40895"
},
{
"category": "external",
"summary": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653",
"url": "https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-r4q5-vmmm-2653"
}
],
"release_date": "2026-04-21T19:59:59.759000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "follow-redirects: follow-redirects: Information disclosure via cross-domain redirects"
},
{
"cve": "CVE-2026-42033",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:20.937507+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461607"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, an HTTP client library. This vulnerability allows an attacker to exploit a prototype pollution issue if another part of the application has already polluted the Object.prototype. By doing so, the attacker can intercept and modify JSON responses or take control of the HTTP communication. This could lead to unauthorized access to sensitive information like user credentials and request details.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42033"
},
{
"category": "external",
"summary": "RHBZ#2461607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42033"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pf86-5x62-jrwf"
}
],
"release_date": "2026-04-24T17:36:44.132000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: HTTP Transport Hijacking via Prototype Pollution"
},
{
"cve": "CVE-2026-42035",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T18:01:17.109481+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461606"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a software library for making network requests. A remote attacker can exploit a prototype pollution vulnerability to inject arbitrary HTTP headers into outgoing requests. This occurs when the application\u0027s core object definitions are manipulated, causing Axios to misinterpret data and include attacker-controlled headers in network communications. This could lead to unauthorized actions or data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Arbitrary HTTP header injection via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42035"
},
{
"category": "external",
"summary": "RHBZ#2461606",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461606"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42035"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42035"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-6chq-wfr3-2hj9"
}
],
"release_date": "2026-04-24T17:38:07.752000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "axios: Axios: Arbitrary HTTP header injection via prototype pollution"
},
{
"cve": "CVE-2026-42039",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-24T19:01:44.887156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461630"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client for browsers and Node.js. This vulnerability occurs because the `toFormData` function recursively processes nested objects without a depth limit. A remote attacker can exploit this by sending deeply nested request data, which causes the Node.js process to crash due to a RangeError, leading to a potential Denial of Service (DoS) if the process crashes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "RHBZ#2461630",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461630"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42039",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42039"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42039"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9",
"url": "https://github.com/axios/axios/security/advisories/GHSA-62hf-57xw-28j9"
}
],
"release_date": "2026-04-24T18:01:30.775000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Node.js: Axios: Denial of Service via unbounded recursion in toFormData with deeply nested request data"
},
{
"cve": "CVE-2026-42041",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:41.034289+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461629"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, a Prototype Pollution \"Gadget\" attack, allows an attacker to manipulate the `Object.prototype.validateStatus` property. By polluting this property, all HTTP error responses (such as 401, 403, or 500) are silently treated as successful responses. This can lead to a complete bypass of application-level authentication and error handling, potentially granting unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42041"
},
{
"category": "external",
"summary": "RHBZ#2461629",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461629"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42041"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42041"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63",
"url": "https://github.com/axios/axios/security/advisories/GHSA-w9j2-pvgh-6h63"
}
],
"release_date": "2026-04-24T17:55:30.036000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Authentication bypass due to prototype pollution of HTTP error handling"
},
{
"cve": "CVE-2026-42043",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-24T19:01:22.552379+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461626"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. An attacker who can control the destination address of an Axios request can exploit this vulnerability. By using specific internal network addresses (within the 127.0.0.0/8 range, excluding 127.0.0.1), the attacker can completely bypass the NO_PROXY protection, potentially leading to unauthorized access or information disclosure within the network. This issue is an incomplete fix for a previous vulnerability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: NO_PROXY bypass via crafted URL",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42043"
},
{
"category": "external",
"summary": "RHBZ#2461626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461626"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42043"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42043"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7",
"url": "https://github.com/axios/axios/security/advisories/GHSA-pmwg-cvhr-8vh7"
}
],
"release_date": "2026-04-24T17:54:42.668000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: NO_PROXY bypass via crafted URL"
},
{
"cve": "CVE-2026-42044",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-24T19:01:13.418725+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution \"Gadget\" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could lead to significant security breaches, including unauthorized privilege escalation, fraudulent balance manipulation, or bypassing critical authorization checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"known_not_affected": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42044"
},
{
"category": "external",
"summary": "RHBZ#2461624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42044"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42044"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3w6x-2g7m-8v23"
}
],
"release_date": "2026-04-24T17:49:49.517000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T13:02:46+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22840"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:0a19dd61567ff1df5d315a1a5028e28a8917677c946f352a3b4ebe15275e95d6_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:2458e97873fa8ce44c2cfdba91ed2218b7c8eb81a56f45e8df196aafaf7bc778_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/clair-rhel8@sha256:56d1619e0a47be2d43654b16e40ea1b3a9f327853a91f1bb5226af758fb4ea2f_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:fa9f687779e18fdf4b2bb37f430a901602b86063f068f5deda6188478a295554_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:a7491a272b7d1c67ae910e097f60a69d9ff961301f6d6313a392df126ff41fdc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:bcf7d7cf2f8421b2851df76ababedaf45fae3321d5ca60511e88f14ba5d3941c_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:e4b3de8a5e61bd32a21c8c2d88a98fbf9e9491dd30cdfc404078922602273729_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:7f21e78fc22ab49b37b55f28e2a5fa37e913684714943e46d87cd5a2cebf54a6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:14503039a9b2f1b9f3de23c8d96f2a8cb55c2562b9fccb06ed6367e765f2a744_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:c9c4462d0badea29c857d1dfcb3883e2cb2cf16bf8333358e53590640a575615_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-builder-rhel8@sha256:ff9d20e3f323570cfc23c32cba22fdb6ab0ea79e9ebdce379c5f36ccfd132d3d_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:6171d21593edfd320b55fb27381e5fb16cb98ee77f37bbf51da755c99727a253_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:307f5a05a9ba2aa489976f588c033c60c0f8bf2a959cd68e19d2e20c61ac4ff1_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:57156c76f32d6acb0edb09be7b8aef028b1b0499a3e954d759a636985fcd1502_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:c198be8391f2883cccae06f39604f2f61aa557cd51a99a22187b2fe3bee0590c_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-bundle@sha256:76f2d738af0c5413dd5a9f79f39582e5d9e8b512f0bda0151a307ef7fdc436f8_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:c177bf11278087349290197f3dbc470cf0ade6be3705e0290ce4294637b17099_ppc64le",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:e2701d2b3c5170d096c97006aff96cc50b6106eb4467b12faed889b4f30d5309_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-operator-rhel8@sha256:f8b0d7b978589b98c423c86d99a4f2b8f34f8884177c3703c19ee1bf5f8eb4d6_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:5fda9676baf87c3bbcbf4cc37588b4d0f2c24f1be36fec0d90afe044f673c5dc_amd64",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:a1c0a72df841fd97f7def41b3de85bfd7ceaa809805bebf3291ba54345bda7a1_s390x",
"Red Hat Quay 3.10:registry.redhat.io/quay/quay-rhel8@sha256:c068b508acb9777d4cbacec4c6bd451b2858786ac4bfa249a1575f993efb7cb5_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget"
}
]
}
RHSA-2026:22862
Vulnerability from csaf_redhat - Published: 2026-06-03 14:28 - Updated: 2026-07-14 05:24The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64 | — |
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64 | — |
Workaround
|
A flaw was found in quinn-proto, a pure-Rust implementation of the IETF QUIC transport protocol. A remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x | — |
Workaround
|
A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64 | — |
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64 | — |
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64 | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x | — |
Workaround
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64 | — |
Workaround
|
lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 "match copy operations," allowing out-of-bounds reads from the output buffer. The block-based API functions (`decompress_into`, `decompress_into_with_dict`, and others when `safe-decode` is disabled) are affected, while all frame APIs are unaffected. The impact is potential exposure of sensitive data and secrets through crafted or malformed LZ4 input. This issue has been fixed in versions 0.11.6 and 0.12.1.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x | — |
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64 | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x | — | ||
| Unresolved product id: Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Logging for Red Hat OpenShift - 6.4.5",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Logging 6.4.5 is a cluster-wide logging solution for OpenShift that collects and manages applications, infrastructure, and audit logs.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22862",
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31812",
"url": "https://access.redhat.com/security/cve/CVE-2026-31812"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32829",
"url": "https://access.redhat.com/security/cve/CVE-2026-32829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22862.json"
}
],
"title": "Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.4.5",
"tracking": {
"current_release_date": "2026-07-14T05:24:30+00:00",
"generator": {
"date": "2026-07-14T05:24:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22862",
"initial_release_date": "2026-06-03T14:28:38+00:00",
"revision_history": [
{
"date": "2026-06-03T14:28:38+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T14:28:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T05:24:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Logging Subsystem for Red Hat OpenShift 6.4",
"product": {
"name": "Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:6.4::el9"
}
}
}
],
"category": "product_family",
"name": "Logging Subsystem for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3Aed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=1780051689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256%3A2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=1780055531"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=1780051640"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3A0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=1780051630"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3A89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=1780051809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3Af88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=1780051656"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"product_id": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256%3A236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=1780055542"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3A2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=1780051644"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3Ab150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=1780051640"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3Afac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=1780052069"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=1780051689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=1780051640"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3A2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=1780051630"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3A587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=1780051809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=1780051656"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3Ae4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=1780051644"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3Ab1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=1780051640"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3A3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=1780052069"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=1780051689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=1780051640"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3Ad840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=1780051630"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3Aec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=1780051809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3Ab3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=1780051656"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3A95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=1780051644"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3Aee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=1780051640"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3Af2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=1780052069"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256%3A15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=1780051689"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256%3A9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=1780051640"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256%3Acbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=1780051630"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256%3A681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=1780051809"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256%3A465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=1780051656"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256%3A84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=1780051644"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256%3A287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=1780051640"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"product_id": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256%3Aba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=1780052069"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64 as a component of Logging Subsystem for Red Hat OpenShift 6.4",
"product_id": "Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
},
"product_reference": "registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64",
"relates_to_product_reference": "Logging Subsystem for Red Hat OpenShift 6.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:38+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ocp-4-20-release-notes\n\nFor Red Hat OpenShift Logging 6.4, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:38+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ocp-4-20-release-notes\n\nFor Red Hat OpenShift Logging 6.4, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-31812",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-03-10T23:02:15.752133+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446330"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in quinn-proto, a pure-Rust implementation of the IETF QUIC transport protocol. A remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quic_transport_parameters. In quinn-proto parsing logic, attacker-controlled varints are decoded with unwrap(), so truncated encodings cause Err(UnexpectedEnd) and panic. This is reachable over the network with a single packet and no prior trust or authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "quinn-proto: quinn-proto: Denial of Service via crafted QUIC Initial packet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The availability impact of this flaw is limited to specific services on Red Hat systems. Host system availability is not at risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31812"
},
{
"category": "external",
"summary": "RHBZ#2446330",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446330"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31812",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31812"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31812",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31812"
},
{
"category": "external",
"summary": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98",
"url": "https://github.com/quinn-rs/quinn/security/advisories/GHSA-6xvm-j4wr-6v98"
}
],
"release_date": "2026-03-10T21:04:36.812000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:38+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ocp-4-20-release-notes\n\nFor Red Hat OpenShift Logging 6.4, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "quinn-proto: quinn-proto: Denial of Service via crafted QUIC Initial packet"
},
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:38+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ocp-4-20-release-notes\n\nFor Red Hat OpenShift Logging 6.4, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:38+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ocp-4-20-release-notes\n\nFor Red Hat OpenShift Logging 6.4, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:38+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ocp-4-20-release-notes\n\nFor Red Hat OpenShift Logging 6.4, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32829",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"discovery_date": "2026-03-16T22:05:38.553414+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448271"
}
],
"notes": [
{
"category": "description",
"text": "lz4_flex is a pure Rust implementation of LZ4 compression/decompression. In versions 0.11.5 and below, and 0.12.0, decompressing invalid LZ4 data can leak sensitive information from uninitialized memory or from previous decompression operations. The library fails to properly validate offset values during LZ4 \"match copy operations,\" allowing out-of-bounds reads from the output buffer. The block-based API functions (`decompress_into`, `decompress_into_with_dict`, and others when `safe-decode` is disabled) are affected, while all frame APIs are unaffected. The impact is potential exposure of sensitive data and secrets through crafted or malformed LZ4 input. This issue has been fixed in versions 0.11.6 and 0.12.1.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lz4_flex: lz4_flex\u0027s decompression can leak information from uninitialized memory or reused output buffer",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In RHEL 9 and RHEL 10, this vulnerability presents minimal risk as the rust-analyzer component operates in a \"closed loop,\" strictly decompressing its own internal database. Because it does not process external or untrusted data, exploitation requires an attacker to already possess local access and sufficient privileges to tamper with the internal cache files on disk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32829"
},
{
"category": "external",
"summary": "RHBZ#2448271",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448271"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32829"
},
{
"category": "external",
"summary": "https://github.com/PSeitz/lz4_flex",
"url": "https://github.com/PSeitz/lz4_flex"
},
{
"category": "external",
"summary": "https://github.com/PSeitz/lz4_flex/commit/055502ee5d297ecd6bf448ac91c055c7f6df9b6d",
"url": "https://github.com/PSeitz/lz4_flex/commit/055502ee5d297ecd6bf448ac91c055c7f6df9b6d"
},
{
"category": "external",
"summary": "https://github.com/PSeitz/lz4_flex/security/advisories/GHSA-vvp9-7p8x-rfvv",
"url": "https://github.com/PSeitz/lz4_flex/security/advisories/GHSA-vvp9-7p8x-rfvv"
}
],
"release_date": "2026-03-16T20:48:08+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:38+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ocp-4-20-release-notes\n\nFor Red Hat OpenShift Logging 6.4, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lz4_flex: lz4_flex\u0027s decompression can leak information from uninitialized memory or reused output buffer"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Go `crypto/x509` package that could allow an attacker to bypass certificate validation. The vulnerability arises from an incorrect application of excluded DNS constraints to wildcard DNS Subject Alternative Names (SANs) when their case differs from the constraint. This could lead to Red Hat products accepting malicious certificates from otherwise trusted chains, compromising the trust model.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le"
],
"known_not_affected": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T14:28:38+00:00",
"details": "For OpenShift Container Platform 4.20 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html/release_notes/ocp-4-20-release-notes\n\nFor Red Hat OpenShift Logging 6.4, see the following instructions to apply this update:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_logging/6.4",
"product_ids": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22862"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-operator-bundle@sha256:2bce5cfd48129d7b7754573fb47cb9270f25b39d12d2219734c77e999ddf3d29_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:0d3749fd70dc3cddf9fd2d778c2e665c4b67ce31c45b714d38e32af0b31e580d_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:15de420e2672e785da00ab02631f7114ea139c3938acf7f710b753c4047e4dc9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:67e812457329a99f8c269cfeb815df6d904b65a29e3bcd0e0edd538cbb53bcf4_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator@sha256:ed33a9c93ef3846acd2f5db2531275566272c9d289d3155d3c9350c392f05356_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:098c88aa165426fc42a8ed1c2730eaeeea973acf1dc4448d72d4fa8cff1c433b_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:0a6bb7af1977294b71519115ccc42e59653ec12479ebf0b3af81f7d24bf46da1_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:61b62441c88e85f877e876a5ecc95c32d0faba813b708f9d1db759dce5385798_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/eventrouter-rhel9@sha256:9f345c47dd532864c1413308dbae6dd5de08137f87fced025d2047ae8939a492_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:0137e7a64ee09dcfd28f3f14202242b31d102c125a141a36df93784e4094aacf_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:2ff96f6e5c4e642f639df37cedfdd8ffd34e203e8cd06921af0c02f647496212_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:cbdfe1e832575a8fffd5a9759078725c00161a098c693b43ff42bcfce8afbd05_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9@sha256:d840cf730b13b0a36340b180863a2fbcf0d7b6f1e953481a24fadbc9b3fd07c9_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:587c7963571af01291ea01563c426a93d77a77ef22b79641fddbc9833791bff7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:681a30a4d5f06811095d4d2d60c26be71be64d0fdf1f73de4ef03d11df125291_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:89af60956e8a9edffd4da720bb312780cc8df816dcdb3c42f9692a6a18b2f009_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/logging-loki-rhel9@sha256:ec5351b18b95ae528f39f28e0ee4469f5e5b57544499c596ca07236084b2dcf4_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-operator-bundle@sha256:236c1feeeaec558b78611f2b599c8554639e7d6667bdd664bef2fc9ff1b86093_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:465e6c0a23afe7551b3a0522a8e7ed7519b93a94ef11ccdb41d034adbbc8f7f9_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:4b98fca26d5a72afbae2a15869fe0c0320d7ff5bbb9934e641be6536ed8387af_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:b3f5cfe39e28e525f1329d5a49307f8b0c48da0c29cb52be7fe98199c62d40ec_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/loki-rhel9-operator@sha256:f88441adcde4ec537cf76021824a8007c42c4ecefffff310e5c5f2117824bb79_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:2bcb9fd79a9591c1e00c40d5e123ca027391072f91c3dc598acad5b169528797_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:84a61cc3d10c90399780ba85d120f4a49f8393500a12eb2fd7a8943b4cbdb352_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:95a10b681f0e2e0c8a889836ca7be8e8a621713e271fbfdcd3b4227d8d49d07a_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/lokistack-gateway-rhel9@sha256:e4f738a3fafa98b23ce46210c11a7d79d6a95244b9ec635bb4bd88623f193954_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:287d83e470aa60a068613952a14bcc2718038ca1ee52798185e55ee365a129c8_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b150b15286bda982d5dce2e68dd4bfae007eb10d51c785ff214ca9c3f6db64ea_amd64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:b1b2e6eb05040c21c81a83912b8658e57c03a7e455384ed14f86819bb978a5b6_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/opa-openshift-rhel9@sha256:ee25673121b321d6f79982333dea1b656a315b5a825d5019fa093a36cdd81dd0_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:3176f479ec53def3156169e601b336dc27e1e9684969f793a5b672d8954db9a7_arm64",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:ba3685a116c66d18d1cdd49bbbf18386365b543775b711d29d8ccd4937884f04_ppc64le",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:f2d2027264fab22aae64f9e9db1a8faaaca948fd65215c3c4dbcbb8bfc362558_s390x",
"Logging Subsystem for Red Hat OpenShift 6.4:registry.redhat.io/openshift-logging/vector-rhel9@sha256:fac56a57019df1c8e23c930f456ae1f6e2166139da5ee54be53cb0530931a816_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:22958
Vulnerability from csaf_redhat - Published: 2026-06-03 19:06 - Updated: 2026-07-14 05:24A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64 | — |
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.12.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22958",
"url": "https://access.redhat.com/errata/RHSA-2026:22958"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-402",
"url": "https://redhat.atlassian.net/browse/WTO-402"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-413",
"url": "https://redhat.atlassian.net/browse/WTO-413"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22958.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.12.1 release.",
"tracking": {
"current_release_date": "2026-07-14T05:24:32+00:00",
"generator": {
"date": "2026-07-14T05:24:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22958",
"initial_release_date": "2026-06-03T19:06:04+00:00",
"revision_history": [
{
"date": "2026-06-03T19:06:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T19:06:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T05:24:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.12",
"product": {
"name": "Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.12::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3A6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-exec-rhel9\u0026tag=1780425077"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3Ac3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-rhel9-operator\u0026tag=1780425119"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3A866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-operator-bundle\u0026tag=1780425048"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3Ae444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1780424776"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64 as a component of Red Hat Web Terminal 1.12",
"product_id": "Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:06:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22958"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Go `crypto/x509` package that could allow an attacker to bypass certificate validation. The vulnerability arises from an incorrect application of excluded DNS constraints to wildcard DNS Subject Alternative Names (SANs) when their case differs from the constraint. This could lead to Red Hat products accepting malicious certificates from otherwise trusted chains, compromising the trust model.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:06:04+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.17 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22958"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:6ad3960afaa0637ad2d35dbfd600a9e7dad878b8066e1082c7e5ad1a3067438e_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:866e1419229fc2f2808584e548b6514be34782119ee49e850d5b82f8e259d3ce_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c3ab73f703441fe2e8043aa3a3b2b6172dd62c5a05802adcdd70659a34db77c7_amd64",
"Red Hat Web Terminal 1.12:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:e444b528f0586cb771f8e550ec5b32b01f63a2b84c29b495efdf8de5965348b2_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:22959
Vulnerability from csaf_redhat - Published: 2026-06-03 19:06 - Updated: 2026-07-14 05:24A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64 | — |
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64 | — |
Workaround
|
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.14.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22959",
"url": "https://access.redhat.com/errata/RHSA-2026:22959"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-397",
"url": "https://redhat.atlassian.net/browse/WTO-397"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-404",
"url": "https://redhat.atlassian.net/browse/WTO-404"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-415",
"url": "https://redhat.atlassian.net/browse/WTO-415"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22959.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.14.0 release.",
"tracking": {
"current_release_date": "2026-07-14T05:24:32+00:00",
"generator": {
"date": "2026-07-14T05:24:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22959",
"initial_release_date": "2026-06-03T19:06:28+00:00",
"revision_history": [
{
"date": "2026-06-03T19:06:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T19:06:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T05:24:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.14",
"product": {
"name": "Red Hat Web Terminal 1.14",
"product_id": "Red Hat Web Terminal 1.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.14::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3Aaaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-exec-rhel9\u0026tag=1780424928"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3A4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-rhel9-operator\u0026tag=1780425083"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3Ab718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-operator-bundle\u0026tag=1780424938"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3A7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1780424967"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64 as a component of Red Hat Web Terminal 1.14",
"product_id": "Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64 as a component of Red Hat Web Terminal 1.14",
"product_id": "Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64 as a component of Red Hat Web Terminal 1.14",
"product_id": "Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64 as a component of Red Hat Web Terminal 1.14",
"product_id": "Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:06:28+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.19 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22959"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:06:28+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.19 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22959"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Go `crypto/x509` package that could allow an attacker to bypass certificate validation. The vulnerability arises from an incorrect application of excluded DNS constraints to wildcard DNS Subject Alternative Names (SANs) when their case differs from the constraint. This could lead to Red Hat products accepting malicious certificates from otherwise trusted chains, compromising the trust model.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:06:28+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.19 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22959"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:aaa925acd7b21f923fe19c7feb91ec96218f873a38263d4a4bcea2e773b06444_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:b718e8e78ab364206bd889c7b4aba01b0475cb804dc361b54ad99331399587fd_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:4f71ca0ae28fb645ef2dd66b15f4995cb4411368918c4da28b31d818102fed55_amd64",
"Red Hat Web Terminal 1.14:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:7c5797371cb33199e0a9494bd82da2c4bf05ce045598640af33097fbee2ce90a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:22960
Vulnerability from csaf_redhat - Published: 2026-06-03 19:06 - Updated: 2026-07-14 05:24A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64 | — |
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.11.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22960",
"url": "https://access.redhat.com/errata/RHSA-2026:22960"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-401",
"url": "https://redhat.atlassian.net/browse/WTO-401"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-412",
"url": "https://redhat.atlassian.net/browse/WTO-412"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22960.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.11.1 release.",
"tracking": {
"current_release_date": "2026-07-14T05:24:32+00:00",
"generator": {
"date": "2026-07-14T05:24:32+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22960",
"initial_release_date": "2026-06-03T19:06:34+00:00",
"revision_history": [
{
"date": "2026-06-03T19:06:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T19:06:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T05:24:32+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.11",
"product": {
"name": "Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.11::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3Af6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-exec-rhel9\u0026tag=1780423339"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3A78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-rhel9-operator\u0026tag=1780423363"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3Acec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-operator-bundle\u0026tag=1780423245"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3Ab21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1780423332"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64 as a component of Red Hat Web Terminal 1.11",
"product_id": "Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.11"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:06:34+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Go `crypto/x509` package that could allow an attacker to bypass certificate validation. The vulnerability arises from an incorrect application of excluded DNS constraints to wildcard DNS Subject Alternative Names (SANs) when their case differs from the constraint. This could lead to Red Hat products accepting malicious certificates from otherwise trusted chains, compromising the trust model.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:06:34+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.16 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22960"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:f6846f4ca643e9472f3e438789e40418573d4bc1f1f9200a5876ca81c3fd36fb_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:cec86a878e36a05026d5fbb20070bcfdee682ff19ecfb6ab09d81ef46e6dd922_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:78adb6b9f3c90c8a5b52896f6cf64ad2687119996cafe6f7f97edd2cedd46734_amd64",
"Red Hat Web Terminal 1.11:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:b21f1c080c1f3adf93b9a128670467ca57aef5a0e3d5d8fc2be83eb74a046003_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:22961
Vulnerability from csaf_redhat - Published: 2026-06-03 19:07 - Updated: 2026-07-14 05:24A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64 | — |
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64 | — |
Workaround
|
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.15.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22961",
"url": "https://access.redhat.com/errata/RHSA-2026:22961"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-398",
"url": "https://redhat.atlassian.net/browse/WTO-398"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-405",
"url": "https://redhat.atlassian.net/browse/WTO-405"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-416",
"url": "https://redhat.atlassian.net/browse/WTO-416"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22961.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.",
"tracking": {
"current_release_date": "2026-07-14T05:24:33+00:00",
"generator": {
"date": "2026-07-14T05:24:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22961",
"initial_release_date": "2026-06-03T19:07:53+00:00",
"revision_history": [
{
"date": "2026-06-03T19:07:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T19:07:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T05:24:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.15",
"product": {
"name": "Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.15::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3A5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-exec-rhel9\u0026tag=1780424829"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3A5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-rhel9-operator\u0026tag=1780424901"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3A0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-operator-bundle\u0026tag=1780424850"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3A0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1780424868"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64 as a component of Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64 as a component of Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64 as a component of Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64 as a component of Red Hat Web Terminal 1.15",
"product_id": "Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:07:53+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.20 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:07:53+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.20 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22961"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Go `crypto/x509` package that could allow an attacker to bypass certificate validation. The vulnerability arises from an incorrect application of excluded DNS constraints to wildcard DNS Subject Alternative Names (SANs) when their case differs from the constraint. This could lead to Red Hat products accepting malicious certificates from otherwise trusted chains, compromising the trust model.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:07:53+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.20 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22961"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5befa6458e607653380dd9eb365716303b7deba759313849213367a3b56d8fcd_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:0e48134439b90bf039806daf1b4446ea047c0f55638fb273b12493c038aae065_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:5a1940fa7577523dc3d1e1435e48e496abdcc7303552a418614ec4137f64e040_amd64",
"Red Hat Web Terminal 1.15:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:0cd46a662d9a8ced0bd3145d49c7b02465acb6c3a985d0857f7592a6ee7a95e8_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:22962
Vulnerability from csaf_redhat - Published: 2026-06-03 19:07 - Updated: 2026-07-14 05:24A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64 | — |
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64 | — | ||
| Unresolved product id: Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Web Terminal Operator 1.13.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:22962",
"url": "https://access.redhat.com/errata/RHSA-2026:22962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32280",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-403",
"url": "https://redhat.atlassian.net/browse/WTO-403"
},
{
"category": "external",
"summary": "https://redhat.atlassian.net/browse/WTO-414",
"url": "https://redhat.atlassian.net/browse/WTO-414"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_22962.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Web Terminal Operator 1.13.0 release.",
"tracking": {
"current_release_date": "2026-07-14T05:24:33+00:00",
"generator": {
"date": "2026-07-14T05:24:33+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:22962",
"initial_release_date": "2026-06-03T19:07:57+00:00",
"revision_history": [
{
"date": "2026-06-03T19:07:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-03T19:08:06+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-14T05:24:33+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Web Terminal 1.13",
"product": {
"name": "Red Hat Web Terminal 1.13",
"product_id": "Red Hat Web Terminal 1.13",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:webterminal:1.13::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Web Terminal"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-exec-rhel9@sha256%3A5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-exec-rhel9\u0026tag=1780425080"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-rhel9-operator@sha256%3Ac8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-rhel9-operator\u0026tag=1780425024"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-operator-bundle@sha256%3Aff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-operator-bundle\u0026tag=1780425016"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64",
"product": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64",
"product_id": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64",
"product_identification_helper": {
"purl": "pkg:oci/web-terminal-tooling-rhel9@sha256%3Afb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281?arch=amd64\u0026repository_url=registry.redhat.io/web-terminal/web-terminal-tooling-rhel9\u0026tag=1780425125"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64 as a component of Red Hat Web Terminal 1.13",
"product_id": "Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64 as a component of Red Hat Web Terminal 1.13",
"product_id": "Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64 as a component of Red Hat Web Terminal 1.13",
"product_id": "Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.13"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64 as a component of Red Hat Web Terminal 1.13",
"product_id": "Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64"
},
"product_reference": "registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64",
"relates_to_product_reference": "Red Hat Web Terminal 1.13"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:07:57+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.18 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22962"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in the Go `crypto/x509` package that could allow an attacker to bypass certificate validation. The vulnerability arises from an incorrect application of excluded DNS constraints to wildcard DNS Subject Alternative Names (SANs) when their case differs from the constraint. This could lead to Red Hat products accepting malicious certificates from otherwise trusted chains, compromising the trust model.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64"
],
"known_not_affected": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-03T19:07:57+00:00",
"details": "To start using the Web Terminal Operator, install the Web Terminal Operator from OpenShift OperatorHub on OpenShift Container Platform 4.18 or higher.",
"product_ids": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:22962"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-exec-rhel9@sha256:5520b0338d4d24d7c167cfaf781702765d214ced986941d474d64d4c3cb37e6e_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-operator-bundle@sha256:ff65894cc6f9274dfa3c3a083c3159ca05807365c688438f1b90d04200ac0f9f_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-rhel9-operator@sha256:c8869b4951f6b4af39652783713e03adab69e9088f811ce15bf2c71c0de4ad14_amd64",
"Red Hat Web Terminal 1.13:registry.redhat.io/web-terminal/web-terminal-tooling-rhel9@sha256:fb6238202bc32b7787e640f18a19e2a1252faa0e324e41eed70104712cc86281_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:23102
Vulnerability from csaf_redhat - Published: 2026-06-04 02:16 - Updated: 2026-07-13 23:21A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for delve is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you\u0027re using a debugger, things aren\u0027t going your way. With that in mind, Delve should stay out of your way as much as possible.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23102",
"url": "https://access.redhat.com/errata/RHSA-2026:23102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23102.json"
}
],
"title": "Red Hat Security Advisory: delve security update",
"tracking": {
"current_release_date": "2026-07-13T23:21:50+00:00",
"generator": {
"date": "2026-07-13T23:21:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:23102",
"initial_release_date": "2026-06-04T02:16:33+00:00",
"revision_history": [
{
"date": "2026-06-04T02:16:33+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-04T02:16:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:21:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.26.1-2.el10_2.src",
"product": {
"name": "delve-0:1.26.1-2.el10_2.src",
"product_id": "delve-0:1.26.1-2.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.26.1-2.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.26.1-2.el10_2.aarch64",
"product": {
"name": "delve-0:1.26.1-2.el10_2.aarch64",
"product_id": "delve-0:1.26.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.26.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"product": {
"name": "delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"product_id": "delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.26.1-2.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"product": {
"name": "delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"product_id": "delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.26.1-2.el10_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.26.1-2.el10_2.ppc64le",
"product": {
"name": "delve-0:1.26.1-2.el10_2.ppc64le",
"product_id": "delve-0:1.26.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.26.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"product": {
"name": "delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"product_id": "delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.26.1-2.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"product": {
"name": "delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"product_id": "delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.26.1-2.el10_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.26.1-2.el10_2.x86_64",
"product": {
"name": "delve-0:1.26.1-2.el10_2.x86_64",
"product_id": "delve-0:1.26.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.26.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.26.1-2.el10_2.x86_64",
"product": {
"name": "delve-debugsource-0:1.26.1-2.el10_2.x86_64",
"product_id": "delve-debugsource-0:1.26.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.26.1-2.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"product": {
"name": "delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"product_id": "delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.26.1-2.el10_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.26.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64"
},
"product_reference": "delve-0:1.26.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.26.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le"
},
"product_reference": "delve-0:1.26.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.26.1-2.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src"
},
"product_reference": "delve-0:1.26.1-2.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.26.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64"
},
"product_reference": "delve-0:1.26.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.26.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64"
},
"product_reference": "delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.26.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le"
},
"product_reference": "delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.26.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64"
},
"product_reference": "delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.26.1-2.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64"
},
"product_reference": "delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.26.1-2.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le"
},
"product_reference": "delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.26.1-2.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
},
"product_reference": "delve-debugsource-0:1.26.1-2.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T02:16:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23102"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T02:16:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T02:16:33+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23102"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.src",
"AppStream-10.2.Z:delve-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debuginfo-0:1.26.1-2.el10_2.x86_64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.aarch64",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.ppc64le",
"AppStream-10.2.Z:delve-debugsource-0:1.26.1-2.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
RHSA-2026:23103
Vulnerability from csaf_redhat - Published: 2026-06-04 01:47 - Updated: 2026-07-13 23:21A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for delve is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you\u0027re using a debugger, things aren\u0027t going your way. With that in mind, Delve should stay out of your way as much as possible.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:23103",
"url": "https://access.redhat.com/errata/RHSA-2026:23103"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_23103.json"
}
],
"title": "Red Hat Security Advisory: delve security update",
"tracking": {
"current_release_date": "2026-07-13T23:21:50+00:00",
"generator": {
"date": "2026-07-13T23:21:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:23103",
"initial_release_date": "2026-06-04T01:47:13+00:00",
"revision_history": [
{
"date": "2026-06-04T01:47:13+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-04T01:47:13+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-13T23:21:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux_eus:10.0"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.25.2-4.el10_0.src",
"product": {
"name": "delve-0:1.25.2-4.el10_0.src",
"product_id": "delve-0:1.25.2-4.el10_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.25.2-4.el10_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.25.2-4.el10_0.aarch64",
"product": {
"name": "delve-0:1.25.2-4.el10_0.aarch64",
"product_id": "delve-0:1.25.2-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.25.2-4.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"product": {
"name": "delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"product_id": "delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.25.2-4.el10_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"product": {
"name": "delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"product_id": "delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.25.2-4.el10_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.25.2-4.el10_0.ppc64le",
"product": {
"name": "delve-0:1.25.2-4.el10_0.ppc64le",
"product_id": "delve-0:1.25.2-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.25.2-4.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"product": {
"name": "delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"product_id": "delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.25.2-4.el10_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"product": {
"name": "delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"product_id": "delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.25.2-4.el10_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.25.2-4.el10_0.x86_64",
"product": {
"name": "delve-0:1.25.2-4.el10_0.x86_64",
"product_id": "delve-0:1.25.2-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.25.2-4.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.25.2-4.el10_0.x86_64",
"product": {
"name": "delve-debugsource-0:1.25.2-4.el10_0.x86_64",
"product_id": "delve-debugsource-0:1.25.2-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.25.2-4.el10_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"product": {
"name": "delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"product_id": "delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.25.2-4.el10_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.25.2-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64"
},
"product_reference": "delve-0:1.25.2-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.25.2-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le"
},
"product_reference": "delve-0:1.25.2-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.25.2-4.el10_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src"
},
"product_reference": "delve-0:1.25.2-4.el10_0.src",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.25.2-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64"
},
"product_reference": "delve-0:1.25.2-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.25.2-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64"
},
"product_reference": "delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.25.2-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le"
},
"product_reference": "delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.25.2-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64"
},
"product_reference": "delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.25.2-4.el10_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64"
},
"product_reference": "delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.25.2-4.el10_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le"
},
"product_reference": "delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.25.2-4.el10_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"product_id": "AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
},
"product_reference": "delve-debugsource-0:1.25.2-4.el10_0.x86_64",
"relates_to_product_reference": "AppStream-10.0.Z.E2S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32280",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:01:19.572351+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456339"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Go standard library packages `crypto/x509` and `crypto/tls`. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being performed. This can result in a denial of service (DoS) condition, making the affected system or application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go standard library\u0027s certificate chain building process. Systems utilizing Go applications that process untrusted TLS certificates or X.509 certificate chains are susceptible to resource exhaustion when presented with an excessive number of intermediate certificates, potentially leading to service unavailability. This flaw impacts applications directly using `crypto/x509` or `crypto/tls`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32280"
},
{
"category": "external",
"summary": "RHBZ#2456339",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456339"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32280",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"category": "external",
"summary": "https://go.dev/cl/758320",
"url": "https://go.dev/cl/758320"
},
{
"category": "external",
"summary": "https://go.dev/issue/78282",
"url": "https://go.dev/issue/78282"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4947",
"url": "https://pkg.go.dev/vuln/GO-2026-4947"
}
],
"release_date": "2026-04-08T01:06:58.595000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T01:47:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23103"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T01:47:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23103"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in the Go `crypto/tls` package allows a remote attacker to cause a denial of service in applications using TLS 1.3. By sending multiple key update messages in a single record post-handshake, an attacker can trigger a connection deadlock, leading to uncontrolled resource consumption. This impacts Red Hat products utilizing the affected Go standard library for TLS 1.3 connections.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-04T01:47:13+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:23103"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.src",
"AppStream-10.0.Z.E2S:delve-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debuginfo-0:1.25.2-4.el10_0.x86_64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.aarch64",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.ppc64le",
"AppStream-10.0.Z.E2S:delve-debugsource-0:1.25.2-4.el10_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.