Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-32287 (GCVE-0-2026-32287)
Vulnerability from cvelistv5 – Published: 2026-03-26 19:40 – Updated: 2026-03-30 14:55
VLAI?
EPSS
Title
Infinite loop in github.com/antchfx/xpath
Summary
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
Severity ?
7.5 (High)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| github.com/antchfx/xpath | github.com/antchfx/xpath |
Affected:
0 , < 1.3.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-32287",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-30T14:12:30.141178Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-30T14:55:05.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "github.com/antchfx/xpath",
"product": "github.com/antchfx/xpath",
"programRoutines": [
{
"name": "logicalQuery.Select"
},
{
"name": "Expr.Evaluate"
},
{
"name": "NodeIterator.MoveNext"
},
{
"name": "ancestorQuery.Evaluate"
},
{
"name": "ancestorQuery.Select"
},
{
"name": "attributeQuery.Evaluate"
},
{
"name": "attributeQuery.Select"
},
{
"name": "booleanQuery.Evaluate"
},
{
"name": "booleanQuery.Select"
},
{
"name": "cachedChildQuery.Evaluate"
},
{
"name": "cachedChildQuery.Select"
},
{
"name": "childQuery.Evaluate"
},
{
"name": "childQuery.Select"
},
{
"name": "descendantOverDescendantQuery.Evaluate"
},
{
"name": "descendantOverDescendantQuery.Select"
},
{
"name": "descendantQuery.Evaluate"
},
{
"name": "descendantQuery.Select"
},
{
"name": "filterQuery.Evaluate"
},
{
"name": "filterQuery.Select"
},
{
"name": "followingQuery.Evaluate"
},
{
"name": "followingQuery.Select"
},
{
"name": "functionQuery.Evaluate"
},
{
"name": "groupQuery.Evaluate"
},
{
"name": "groupQuery.Select"
},
{
"name": "lastFuncQuery.Evaluate"
},
{
"name": "logicalQuery.Evaluate"
},
{
"name": "mergeQuery.Evaluate"
},
{
"name": "mergeQuery.Select"
},
{
"name": "numericQuery.Evaluate"
},
{
"name": "parentQuery.Evaluate"
},
{
"name": "parentQuery.Select"
},
{
"name": "precedingQuery.Evaluate"
},
{
"name": "precedingQuery.Select"
},
{
"name": "selfQuery.Evaluate"
},
{
"name": "selfQuery.Select"
},
{
"name": "transformFunctionQuery.Evaluate"
},
{
"name": "transformFunctionQuery.Select"
},
{
"name": "unionQuery.Evaluate"
},
{
"name": "unionQuery.Select"
}
],
"vendor": "github.com/antchfx/xpath",
"versions": [
{
"lessThan": "1.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as \"1=1\" or \"true()\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T19:40:52.142Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://github.com/antchfx/xpath/issues/121"
},
{
"url": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494"
},
{
"url": "https://github.com/golang/vulndb/issues/4526"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-4526"
}
],
"title": "Infinite loop in github.com/antchfx/xpath"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-32287",
"datePublished": "2026-03-26T19:40:52.142Z",
"dateReserved": "2026-03-11T16:38:46.556Z",
"dateUpdated": "2026-03-30T14:55:05.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-32287",
"date": "2026-05-18",
"epss": "0.00083",
"percentile": "0.24103"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-32287\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-03-26T20:16:12.403\",\"lastModified\":\"2026-04-21T15:33:09.517\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as \\\"1=1\\\" or \\\"true()\\\".\"},{\"lang\":\"es\",\"value\":\"Expresiones booleanas de XPath que se eval\u00faan como verdaderas pueden causar un bucle infinito en logicalQuery.Select, lo que lleva a un uso del 100% de la CPU. Esto puede ser activado por selectores de nivel superior como 1=1 o true().\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:antchfx:xpath:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"1.3.6\",\"matchCriteriaId\":\"9456C4F2-D4AD-4F6D-9520-00E6C5C4AB18\"}]}]}],\"references\":[{\"url\":\"https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/antchfx/xpath/issues/121\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/golang/vulndb/issues/4526\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4526\",\"source\":\"security@golang.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32287\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-30T14:12:30.141178Z\"}}}], \"references\": [{\"url\": \"https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-30T14:12:56.371Z\"}}], \"cna\": {\"title\": \"Infinite loop in github.com/antchfx/xpath\", \"affected\": [{\"vendor\": \"github.com/antchfx/xpath\", \"product\": \"github.com/antchfx/xpath\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.3.6\", \"versionType\": \"semver\"}], \"packageName\": \"github.com/antchfx/xpath\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"logicalQuery.Select\"}, {\"name\": \"Expr.Evaluate\"}, {\"name\": \"NodeIterator.MoveNext\"}, {\"name\": \"ancestorQuery.Evaluate\"}, {\"name\": \"ancestorQuery.Select\"}, {\"name\": \"attributeQuery.Evaluate\"}, {\"name\": \"attributeQuery.Select\"}, {\"name\": \"booleanQuery.Evaluate\"}, {\"name\": \"booleanQuery.Select\"}, {\"name\": \"cachedChildQuery.Evaluate\"}, {\"name\": \"cachedChildQuery.Select\"}, {\"name\": \"childQuery.Evaluate\"}, {\"name\": \"childQuery.Select\"}, {\"name\": \"descendantOverDescendantQuery.Evaluate\"}, {\"name\": \"descendantOverDescendantQuery.Select\"}, {\"name\": \"descendantQuery.Evaluate\"}, {\"name\": \"descendantQuery.Select\"}, {\"name\": \"filterQuery.Evaluate\"}, {\"name\": \"filterQuery.Select\"}, {\"name\": \"followingQuery.Evaluate\"}, {\"name\": \"followingQuery.Select\"}, {\"name\": \"functionQuery.Evaluate\"}, {\"name\": \"groupQuery.Evaluate\"}, {\"name\": \"groupQuery.Select\"}, {\"name\": \"lastFuncQuery.Evaluate\"}, {\"name\": \"logicalQuery.Evaluate\"}, {\"name\": \"mergeQuery.Evaluate\"}, {\"name\": \"mergeQuery.Select\"}, {\"name\": \"numericQuery.Evaluate\"}, {\"name\": \"parentQuery.Evaluate\"}, {\"name\": \"parentQuery.Select\"}, {\"name\": \"precedingQuery.Evaluate\"}, {\"name\": \"precedingQuery.Select\"}, {\"name\": \"selfQuery.Evaluate\"}, {\"name\": \"selfQuery.Select\"}, {\"name\": \"transformFunctionQuery.Evaluate\"}, {\"name\": \"transformFunctionQuery.Select\"}, {\"name\": \"unionQuery.Evaluate\"}, {\"name\": \"unionQuery.Select\"}]}], \"references\": [{\"url\": \"https://github.com/antchfx/xpath/issues/121\"}, {\"url\": \"https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494\"}, {\"url\": \"https://github.com/golang/vulndb/issues/4526\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4526\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as \\\"1=1\\\" or \\\"true()\\\".\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-03-26T19:40:52.142Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-32287\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-30T14:55:05.920Z\", \"dateReserved\": \"2026-03-11T16:38:46.556Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-03-26T19:40:52.142Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-32287
Vulnerability from fkie_nvd - Published: 2026-03-26 20:16 - Updated: 2026-04-21 15:33
Severity ?
Summary
Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
References
| URL | Tags | ||
|---|---|---|---|
| security@golang.org | https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494 | Patch | |
| security@golang.org | https://github.com/antchfx/xpath/issues/121 | Issue Tracking, Third Party Advisory | |
| security@golang.org | https://github.com/golang/vulndb/issues/4526 | Issue Tracking, Third Party Advisory | |
| security@golang.org | https://pkg.go.dev/vuln/GO-2026-4526 | Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select | Exploit, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:antchfx:xpath:*:*:*:*:*:go:*:*",
"matchCriteriaId": "9456C4F2-D4AD-4F6D-9520-00E6C5C4AB18",
"versionEndExcluding": "1.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Boolean XPath expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as \"1=1\" or \"true()\"."
},
{
"lang": "es",
"value": "Expresiones booleanas de XPath que se eval\u00faan como verdaderas pueden causar un bucle infinito en logicalQuery.Select, lo que lleva a un uso del 100% de la CPU. Esto puede ser activado por selectores de nivel superior como 1=1 o true()."
}
],
"id": "CVE-2026-32287",
"lastModified": "2026-04-21T15:33:09.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2026-03-26T20:16:12.403",
"references": [
{
"source": "security@golang.org",
"tags": [
"Patch"
],
"url": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494"
},
{
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/antchfx/xpath/issues/121"
},
{
"source": "security@golang.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/golang/vulndb/issues/4526"
},
{
"source": "security@golang.org",
"tags": [
"Third Party Advisory"
],
"url": "https://pkg.go.dev/vuln/GO-2026-4526"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select"
}
],
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cleanstart-2026-dq17669
Vulnerability from cleanstart
Published
2026-04-06 02:45
Modified
2026-04-03 07:13
Summary
Security fixes for CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32287, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, ghsa-37cx-329c-33x3, ghsa-6g7g-w4f8-9c9x, ghsa-fw7p-63qq-7hpr applied in versions: 1.13.2-r0, 1.14.1-r0, 1.14.1-r1
Details
Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "grafana-alloy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.1-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-DQ17669",
"modified": "2026-04-03T07:13:53Z",
"published": "2026-04-06T02:45:34.659600Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-DQ17669.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26958"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34165"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6g7g-w4f8-9c9x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26958"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34165"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32287, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, ghsa-37cx-329c-33x3, ghsa-6g7g-w4f8-9c9x, ghsa-fw7p-63qq-7hpr applied in versions: 1.13.2-r0, 1.14.1-r0, 1.14.1-r1",
"upstream": [
"CVE-2026-24051",
"CVE-2026-25934",
"CVE-2026-26958",
"CVE-2026-32287",
"CVE-2026-33186",
"CVE-2026-33762",
"CVE-2026-34165",
"ghsa-37cx-329c-33x3",
"ghsa-6g7g-w4f8-9c9x",
"ghsa-fw7p-63qq-7hpr"
]
}
cleanstart-2026-kc83705
Vulnerability from cleanstart
Published
2026-04-15 00:53
Modified
2026-04-14 09:04
Summary
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions
Details
Multiple security vulnerabilities affect the tempo package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "tempo"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.9.0-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the tempo package. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-KC83705",
"modified": "2026-04-14T09:04:57Z",
"published": "2026-04-15T00:53:10.163760Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-KC83705.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-11065"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-22868"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-61730"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-68119"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-28377"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32281"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34986"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2464-8j7c-4cjm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-78h2-9frx-2jm8"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-cfpf-hrx2-8rv6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fv92-fjc5-jj9h"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-p77j-4mvh-x3m3"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11065"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28377"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32280"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions",
"upstream": [
"CVE-2025-11065",
"CVE-2025-22868",
"CVE-2025-61726",
"CVE-2025-61727",
"CVE-2025-61728",
"CVE-2025-61729",
"CVE-2025-61730",
"CVE-2025-68119",
"CVE-2026-24051",
"CVE-2026-28377",
"CVE-2026-32280",
"CVE-2026-32281",
"CVE-2026-32282",
"CVE-2026-32283",
"CVE-2026-32287",
"CVE-2026-32289",
"CVE-2026-33186",
"CVE-2026-33810",
"CVE-2026-34986",
"ghsa-2464-8j7c-4cjm",
"ghsa-78h2-9frx-2jm8",
"ghsa-cfpf-hrx2-8rv6",
"ghsa-f6x5-jh6r-wrfv",
"ghsa-fv92-fjc5-jj9h",
"ghsa-j5w8-q4qc-rx2x",
"ghsa-p77j-4mvh-x3m3"
]
}
cleanstart-2026-ml41879
Vulnerability from cleanstart
Published
2026-04-06 02:45
Modified
2026-04-03 07:11
Summary
Security fixes for CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32287, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, ghsa-37cx-329c-33x3, ghsa-6g7g-w4f8-9c9x, ghsa-fw7p-63qq-7hpr applied in versions: 1.13.2-r0, 1.14.0-r0, 1.14.0-r1, 1.14.1-r0
Details
Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "grafana-alloy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.14.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the grafana-alloy package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-ML41879",
"modified": "2026-04-03T07:11:16Z",
"published": "2026-04-06T02:45:36.057138Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ML41879.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26958"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-32287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33762"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-34165"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-37cx-329c-33x3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6g7g-w4f8-9c9x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fw7p-63qq-7hpr"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24051"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25934"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26958"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33762"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34165"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2026-1229, CVE-2026-24051, CVE-2026-25934, CVE-2026-26958, CVE-2026-32287, CVE-2026-33186, CVE-2026-33762, CVE-2026-34165, ghsa-37cx-329c-33x3, ghsa-6g7g-w4f8-9c9x, ghsa-fw7p-63qq-7hpr applied in versions: 1.13.2-r0, 1.14.0-r0, 1.14.0-r1, 1.14.1-r0",
"upstream": [
"CVE-2026-1229",
"CVE-2026-24051",
"CVE-2026-25934",
"CVE-2026-26958",
"CVE-2026-32287",
"CVE-2026-33186",
"CVE-2026-33762",
"CVE-2026-34165",
"ghsa-37cx-329c-33x3",
"ghsa-6g7g-w4f8-9c9x",
"ghsa-fw7p-63qq-7hpr"
]
}
MSRC_CVE-2026-32287
Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-04-15 01:41Summary
Infinite loop in github.com/antchfx/xpath
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
7.5 (High)
Affected products
Fixed
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 21126-17086 | — | ||
| Unresolved product id: 21162-17086 | — | ||
| Unresolved product id: 21127-17084 | — |
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-3 | — | ||
| Unresolved product id: 17086-1 | — | ||
| Unresolved product id: 17084-2 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32287 Infinite loop in github.com/antchfx/xpath - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-32287.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Infinite loop in github.com/antchfx/xpath",
"tracking": {
"current_release_date": "2026-04-15T01:41:59.000Z",
"generator": {
"date": "2026-04-15T07:27:57.373Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-32287",
"initial_release_date": "2026-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-04-02T01:06:27.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-04-02T14:39:36.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-04-15T01:41:59.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 telegraf 1.29.4-22",
"product": {
"name": "\u003ccbl2 telegraf 1.29.4-22",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 telegraf 1.29.4-22",
"product": {
"name": "cbl2 telegraf 1.29.4-22",
"product_id": "21126"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 telegraf 1.31.0-17",
"product": {
"name": "\u003cazl3 telegraf 1.31.0-17",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "azl3 telegraf 1.31.0-17",
"product": {
"name": "azl3 telegraf 1.31.0-17",
"product_id": "21127"
}
}
],
"category": "product_name",
"name": "telegraf"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 terraform 1.3.2-30",
"product": {
"name": "\u003ccbl2 terraform 1.3.2-30",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 terraform 1.3.2-30",
"product": {
"name": "cbl2 terraform 1.3.2-30",
"product_id": "21162"
}
}
],
"category": "product_name",
"name": "terraform"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 telegraf 1.29.4-22 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 telegraf 1.29.4-22 as a component of CBL Mariner 2.0",
"product_id": "21126-17086"
},
"product_reference": "21126",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 terraform 1.3.2-30 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 terraform 1.3.2-30 as a component of CBL Mariner 2.0",
"product_id": "21162-17086"
},
"product_reference": "21162",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 telegraf 1.31.0-17 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 telegraf 1.31.0-17 as a component of Azure Linux 3.0",
"product_id": "21127-17084"
},
"product_reference": "21127",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32287",
"notes": [
{
"category": "general",
"text": "Go",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"21126-17086",
"21162-17086",
"21127-17084"
],
"known_affected": [
"17086-3",
"17086-1",
"17084-2"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-32287 Infinite loop in github.com/antchfx/xpath - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-32287.json"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17086-3",
"17086-1",
"17084-2"
]
}
],
"title": "Infinite loop in github.com/antchfx/xpath"
}
]
}
GHSA-65XW-VW82-R86X
Vulnerability from github – Published: 2026-03-29 15:19 – Updated: 2026-03-30 21:19
VLAI?
Summary
XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion
Details
Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as "1=1" or "true()".
Severity ?
7.5 (High)
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/antchfx/xpath"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-32287"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-29T15:19:45Z",
"nvd_published_at": "2026-03-26T20:16:12Z",
"severity": "HIGH"
},
"details": "Boolean expressions that evaluate to true can cause an infinite loop in logicalQuery.Select, leading to 100% CPU usage. This can be triggered by top-level selectors such as \"1=1\" or \"true()\".",
"id": "GHSA-65xw-vw82-r86x",
"modified": "2026-03-30T21:19:36Z",
"published": "2026-03-29T15:19:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287"
},
{
"type": "WEB",
"url": "https://github.com/antchfx/xpath/issues/121"
},
{
"type": "WEB",
"url": "https://github.com/golang/vulndb/issues/4526"
},
{
"type": "WEB",
"url": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494"
},
{
"type": "PACKAGE",
"url": "https://github.com/antchfx/xpath"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4526"
},
{
"type": "WEB",
"url": "https://securityinfinity.com/research/infinite-loop-dos-in-antchfx-xpath-logicalquery-select"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "XPath: Boolean expression infinite loop leads to denial of service via CPU exhaustion"
}
RHSA-2026:9388
Vulnerability from csaf_redhat - Published: 2026-04-21 15:19 - Updated: 2026-05-19 08:01Summary
Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.9.2 release
Severity
Important
Notes
Topic: Red Hat build of OpenTelemetry 3.9.2 has been released
Details: This release of the Red Hat build of OpenTelemetry provides security improvements.
Breaking changes:
* None
Deprecations:
* None
Technology Preview features:
* None
Enhancements:
* None
Bug fixes:
* XPath library vulnerability is fixed: Previously, the 'github.com/antchfx/xpath' library was vulnerable to a denial of service (DoS) attack. This issue occurred because specially crafted boolean XPath expressions that evaluated to true caused an infinite loop in the 'logicalQuery.Select' function, leading to 100% CPU utilization. With this update, the XPath library properly handles these expressions and prevents infinite loops. As a result, the system is no longer vulnerable to this DoS condition. For more information, see https://access.redhat.com/security/cve/cve-2026-32287.
* gRPC-Go authorization bypass vulnerability is fixed: Previously, gRPC-Go was vulnerable to an authorization bypass attack. This issue occurred because the HTTP/2 ':path' pseudo-header was not properly validated. Remote attackers could send raw HTTP/2 frames with a malformed ':path' that omitted the mandatory leading slash to bypass defined security policies. With this update, gRPC-Go properly validates the ':path' pseudo-header and rejects malformed requests. As a result, attackers can no longer bypass security policies to gain unauthorized access to services or disclose information. For more information, see https://access.redhat.com/security/cve/cve-2026-33186.
* Go JOSE denial of service vulnerability is fixed: Previously, the Go JOSE library for handling JSON Web Encryption (JWE) objects was vulnerable to a denial of service (DoS) attack. This issue occurred because the application failed when decrypting a specially crafted JWE object that specified a key wrapping algorithm but contained an empty encrypted key field. With this update, Go JOSE properly validates the encrypted key field before decryption. As a result, the application no longer crashes when processing malformed JWE objects, and the service remains available to legitimate users. For more information, see https://access.redhat.com/security/cve/cve-2026-34986.
Known issues:
* The filesystem scraper does not produce the `system.filesystem.inodes.usage` and `system.filesystem.usage` metrics in the Host Metrics Receiver after upgrading from Collector version 0.142.0 to 0.143.0 or later. No known workaround exists. For more information, see https://issues.redhat.com/browse/TRACING-5963.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in github.com/antchfx/xpath. An attacker could exploit this vulnerability by providing specially crafted boolean XPath expressions that evaluate to true. This can cause an infinite loop within the logicalQuery.Select function, leading to 100% CPU utilization. The consequence is a Denial of Service (DoS) condition, making the affected system unresponsive.
6.2 (Medium)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64 | — |
Vendor Fix
fix
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64 | — | ||
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x | — |
Threats
Impact
Moderate
A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.
9.1 (Critical)
Affected products
Fixed
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x | — |
Vendor Fix
fix
Workaround
|
Known not affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64 | — |
Workaround
|
Threats
Impact
Important
A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.
7.5 (High)
Affected products
Fixed
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
9 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x | — |
Workaround
|
Threats
Impact
Important
References
26 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2026:9388 | self |
| https://access.redhat.com/security/cve/CVE-2026-32287 | external |
| https://access.redhat.com/security/cve/CVE-2026-33186 | external |
| https://access.redhat.com/security/cve/CVE-2026-34986 | external |
| https://access.redhat.com/security/updates/classi… | external |
| https://docs.redhat.com/en/documentation/openshif… | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2026-32287 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2451856 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-32287 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-32287 | external |
| https://github.com/antchfx/xpath/commit/afd4762cc… | external |
| https://github.com/antchfx/xpath/issues/121 | external |
| https://github.com/golang/vulndb/issues/4526 | external |
| https://pkg.go.dev/vuln/GO-2026-4526 | external |
| https://access.redhat.com/security/cve/CVE-2026-33186 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2449833 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-33186 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-33186 | external |
| https://github.com/grpc/grpc-go/security/advisori… | external |
| https://access.redhat.com/security/cve/CVE-2026-34986 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2455470 | external |
| https://www.cve.org/CVERecord?id=CVE-2026-34986 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2026-34986 | external |
| https://github.com/go-jose/go-jose/security/advis… | external |
| https://pkg.go.dev/github.com/go-jose/go-jose/v4#… | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat build of OpenTelemetry 3.9.2 has been released",
"title": "Topic"
},
{
"category": "general",
"text": "This release of the Red Hat build of OpenTelemetry provides security improvements.\n\n\nBreaking changes:\n\n* None\n\n\nDeprecations:\n\n* None\n\n\nTechnology Preview features:\n\n* None\n\n\nEnhancements:\n\n* None\n\n\nBug fixes:\n\n* XPath library vulnerability is fixed: Previously, the \u0027github.com/antchfx/xpath\u0027 library was vulnerable to a denial of service (DoS) attack. This issue occurred because specially crafted boolean XPath expressions that evaluated to true caused an infinite loop in the \u0027logicalQuery.Select\u0027 function, leading to 100% CPU utilization. With this update, the XPath library properly handles these expressions and prevents infinite loops. As a result, the system is no longer vulnerable to this DoS condition. For more information, see https://access.redhat.com/security/cve/cve-2026-32287.\n\n* gRPC-Go authorization bypass vulnerability is fixed: Previously, gRPC-Go was vulnerable to an authorization bypass attack. This issue occurred because the HTTP/2 \u0027:path\u0027 pseudo-header was not properly validated. Remote attackers could send raw HTTP/2 frames with a malformed \u0027:path\u0027 that omitted the mandatory leading slash to bypass defined security policies. With this update, gRPC-Go properly validates the \u0027:path\u0027 pseudo-header and rejects malformed requests. As a result, attackers can no longer bypass security policies to gain unauthorized access to services or disclose information. For more information, see https://access.redhat.com/security/cve/cve-2026-33186.\n\n* Go JOSE denial of service vulnerability is fixed: Previously, the Go JOSE library for handling JSON Web Encryption (JWE) objects was vulnerable to a denial of service (DoS) attack. This issue occurred because the application failed when decrypting a specially crafted JWE object that specified a key wrapping algorithm but contained an empty encrypted key field. With this update, Go JOSE properly validates the encrypted key field before decryption. As a result, the application no longer crashes when processing malformed JWE objects, and the service remains available to legitimate users. For more information, see https://access.redhat.com/security/cve/cve-2026-34986.\n\n\nKnown issues:\n\n* The filesystem scraper does not produce the `system.filesystem.inodes.usage` and `system.filesystem.usage` metrics in the Host Metrics Receiver after upgrading from Collector version 0.142.0 to 0.143.0 or later. No known workaround exists. For more information, see https://issues.redhat.com/browse/TRACING-5963.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9388",
"url": "https://access.redhat.com/errata/RHSA-2026:9388"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32287",
"url": "https://access.redhat.com/security/cve/CVE-2026-32287"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33186",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34986",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry",
"url": "https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/red_hat_build_of_opentelemetry"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9388.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.9.2 release",
"tracking": {
"current_release_date": "2026-05-19T08:01:00+00:00",
"generator": {
"date": "2026-05-19T08:01:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2026:9388",
"initial_release_date": "2026-04-21T15:19:05+00:00",
"revision_history": [
{
"date": "2026-04-21T15:19:05+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-21T15:19:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-19T08:01:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift distributed tracing 3.9.3",
"product": {
"name": "Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.9::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift distributed tracing"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-operator-bundle@sha256%3A333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776245088"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel9@sha256%3A7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel9-operator@sha256%3A5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185352"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-target-allocator-rhel9@sha256%3Abcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497?arch=amd64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185328"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel9@sha256%3Aff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel9-operator@sha256%3A529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185352"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-target-allocator-rhel9@sha256%3A28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb?arch=arm64\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185328"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel9@sha256%3A0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel9-operator@sha256%3A5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185352"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-target-allocator-rhel9@sha256%3A9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99?arch=ppc64le\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185328"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-collector-rhel9@sha256%3A9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185379"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-rhel9-operator@sha256%3A270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185352"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x",
"product": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x",
"product_id": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opentelemetry-target-allocator-rhel9@sha256%3Aca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1?arch=s390x\u0026repository_url=registry.redhat.io/rhosdt\u0026tag=1776185328"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64 as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x as a component of Red Hat OpenShift distributed tracing 3.9.3",
"product_id": "Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
},
"product_reference": "registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x",
"relates_to_product_reference": "Red Hat OpenShift distributed tracing 3.9.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-32287",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-03-26T20:02:37.779428+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in github.com/antchfx/xpath. An attacker could exploit this vulnerability by providing specially crafted boolean XPath expressions that evaluate to true. This can cause an infinite loop within the logicalQuery.Select function, leading to 100% CPU utilization. The consequence is a Denial of Service (DoS) condition, making the affected system unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/antchfx/xpath: github.com/antchfx/xpath: Denial of Service due to infinite loop via boolean XPath expressions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32287"
},
{
"category": "external",
"summary": "RHBZ#2451856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32287",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32287"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32287"
},
{
"category": "external",
"summary": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494",
"url": "https://github.com/antchfx/xpath/commit/afd4762cc342af56345a3fb4002a59281fcab494"
},
{
"category": "external",
"summary": "https://github.com/antchfx/xpath/issues/121",
"url": "https://github.com/antchfx/xpath/issues/121"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4526",
"url": "https://github.com/golang/vulndb/issues/4526"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4526",
"url": "https://pkg.go.dev/vuln/GO-2026-4526"
}
],
"release_date": "2026-03-26T19:40:52.142000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:19:05+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9388"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "github.com/antchfx/xpath: github.com/antchfx/xpath: Denial of Service due to infinite loop via boolean XPath expressions"
},
{
"cve": "CVE-2026-33186",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-03-20T23:02:27.802640+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2449833"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 `:path` pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed `:path` that omits the mandatory leading slash. This allows the attacker to bypass defined security policies, potentially leading to unauthorized access to services or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "RHBZ#2449833",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449833"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33186",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33186"
},
{
"category": "external",
"summary": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3",
"url": "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3"
}
],
"release_date": "2026-03-20T22:23:32.147000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:19:05+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9388"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement infrastructure-level normalization to ensure all incoming HTTP/2 `:path` headers are properly formatted with a leading slash before reaching the gRPC-Go server. This can be achieved by configuring a reverse proxy or API gateway to validate and normalize the `:path` header. Ensure that any such intermediary is properly configured and restarted to apply the changes, which may temporarily impact service availability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation"
},
{
"cve": "CVE-2026-34986",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-06T17:01:34.639203+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455470"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64"
],
"known_not_affected": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "RHBZ#2455470",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34986"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
},
{
"category": "external",
"summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
"url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
"url": "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
}
],
"release_date": "2026-04-06T16:22:45.353000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T15:19:05+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/operators/administrator-tasks#olm-upgrading-operators",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9388"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:0174a3a6a65cac3b13423b903c9038baaa37c6c3d6dbeee9918c5f576b4f5d7d_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:7c84cdf31817fe4584a5e8a1589f4c0f09f22aed8f75e6d694143c6a6065d330_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:9ef57417e79d78ca1a623357b5a58c384fdf3a2c954c3587b76cce8983a725e4_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-collector-rhel9@sha256:ff8b32e89a8550c5fac876f5869df8e93ba99b44e49d079a3375f638bc47dfd6_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-operator-bundle@sha256:333a0122b7f40e70c2fa34b7045cd119b2887612e247346a6f344bc998e363ea_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:270839ae96516ba23c72b7e9edd00df35c675e9043382233119b7f516cad858c_s390x",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:529bf355324a078400ca9e9a2dca7b641656cf7b5e735469c5253a2633bf1857_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5496393c7ed9c8f47de5817bf7f2432608b07342e5bfa4f30f4974d1e2a160fd_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-rhel9-operator@sha256:5bfd16612872059e740b630ad3aee5bcad70e91ff197df32fd04c437cc2e3506_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:28a837153e4b73c79ee93082656410084dee8d2a2a52146ad9a41d6fc8623dcb_arm64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:9c862dc8f1ec9c5c2ae2e636a52e62c119e27ce4496343ce07d45e431c93cf99_ppc64le",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:bcbe4340cb78e1bf4452f398f879ddb77a0bd18da35c4780f178887828152497_amd64",
"Red Hat OpenShift distributed tracing 3.9.3:registry.redhat.io/rhosdt/opentelemetry-target-allocator-rhel9@sha256:ca369b5151f39ae58f0ad3a27722cbf2abda1fffa68176b0075695f583de7ba1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…