Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-39821 (GCVE-0-2026-39821)
Vulnerability from cvelistv5 – Published: 2026-05-22 15:01 – Updated: 2026-07-10 12:05- CWE-1289 - Improper Validation of Unsafe Equivalence in Input
| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/net | golang.org/x/net/idna |
Affected:
0 , < 0.55.0
(semver)
|
|
| Red Hat | Red Hat OpenShift Container Platform 4.22 |
cpe:/a:redhat:openshift:4.22::el8 cpe:/a:redhat:openshift:4.22::el9 |
|
| Red Hat | RHEM 1.0 for RHEL 9 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) |
cpe:/o:redhat:enterprise_linux:10.2 |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 8) |
cpe:/a:redhat:enterprise_linux:8::appstream |
|
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) |
cpe:/a:redhat:enterprise_linux:9::appstream |
|
| Red Hat | Cluster Observability Operator 1.5.0 |
cpe:/a:redhat:cluster_observability_operator:1.5::el9 |
|
| Red Hat | DevWorkspace Operator 0.42 |
cpe:/a:redhat:devworkspace:0.42::el9 |
|
| Red Hat | Logging Subsystem for Red Hat OpenShift 6.4 |
cpe:/a:redhat:logging:6.4::el9 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2.13 |
cpe:/a:redhat:acm:2.13::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.10 |
cpe:/a:redhat:advanced_cluster_security:4.10::el8 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.11 |
cpe:/a:redhat:advanced_cluster_security:4.11::el9 |
|
| Red Hat | Red Hat Advanced Cluster Security for Kubernetes 4.9 |
cpe:/a:redhat:advanced_cluster_security:4.9::el8 |
|
| Red Hat | Red Hat Edge Manager 1.0 |
cpe:/a:redhat:edge_manager:1.0::el9 |
|
| Red Hat | Red Hat Enterprise Linux AI 3.4 |
cpe:/a:redhat:enterprise_linux_ai:3.4::el9 |
|
| Red Hat | Red Hat Hardened Images |
cpe:/a:redhat:hummingbird:1 |
|
| Red Hat | Red Hat OpenShift Builds 1.7.4 |
cpe:/a:redhat:openshift_builds:1.7::el9 |
|
| Red Hat | Red Hat OpenShift Dev Spaces 3.29 |
cpe:/a:redhat:openshift_devspaces:3.29::el9 |
|
| Red Hat | Red Hat OpenShift GitOps 1.19 |
cpe:/a:redhat:openshift_gitops:1.19::el8 |
|
| Red Hat | Red Hat OpenShift GitOps 1.20 |
cpe:/a:redhat:openshift_gitops:1.20::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 2.6 |
cpe:/a:redhat:service_mesh:2.6::el8 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.1 |
cpe:/a:redhat:service_mesh:3.1::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.2 |
cpe:/a:redhat:service_mesh:3.2::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3.3 |
cpe:/a:redhat:service_mesh:3.3::el9 |
|
| Red Hat | Red Hat OpenShift Service Mesh 3 |
cpe:/a:redhat:service_mesh:3.0::el9 |
|
| Red Hat | Red Hat Openshift Data Foundation 4.22 |
cpe:/a:redhat:openshift_data_foundation:4.22::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.4 |
cpe:/a:redhat:trusted_artifact_signer:1.4::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.6 |
cpe:/a:redhat:multicluster_engine:2.6::el8 |
|
| Red Hat | multicluster engine for Kubernetes 2.8 |
cpe:/a:redhat:multicluster_engine:2.8::el9 |
|
| Red Hat | multicluster engine for Kubernetes 2.9 |
cpe:/a:redhat:multicluster_engine:2.9::el9 |
|
| Red Hat | Assisted Installer for Red Hat OpenShift Container Platform 2 |
cpe:/a:redhat:assisted_installer:2 |
|
| Red Hat | cert-manager Operator for Red Hat OpenShift |
cpe:/a:redhat:cert_manager:1 |
|
| Red Hat | Compliance Operator |
cpe:/a:redhat:openshift_compliance_operator:1 |
|
| Red Hat | Confidential Compute Attestation |
cpe:/a:redhat:confidential_compute_attestation:1 |
|
| Red Hat | Deployment Validation Operator |
cpe:/a:redhat:deployment_validator_operator |
|
| Red Hat | External Secrets Operator for Red Hat OpenShift |
cpe:/a:redhat:external_secrets_operator:1 |
|
| Red Hat | Fence Agents Remediation Operator |
cpe:/a:redhat:workload_availability_far:0 |
|
| Red Hat | File Integrity Operator |
cpe:/a:redhat:openshift_file_integrity_operator:1 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Logical Volume Manager Storage |
cpe:/a:redhat:lvms:4 |
|
| Red Hat | Machine Deletion Remediation Operator |
cpe:/a:redhat:workload_availability_mdr:0 |
|
| Red Hat | Migration Toolkit for Applications 8 |
cpe:/a:redhat:migration_toolkit_applications:8 |
|
| Red Hat | Migration Toolkit for Containers |
cpe:/a:redhat:rhmt:1 |
|
| Red Hat | Multiarch Tuning Operator |
cpe:/a:redhat:multiarch_tuning_operator |
|
| Red Hat | Multicluster Engine for Kubernetes |
cpe:/a:redhat:multicluster_engine |
|
| Red Hat | Multicluster Global Hub |
cpe:/a:redhat:multicluster_globalhub |
|
| Red Hat | Network Observability Operator |
cpe:/a:redhat:network_observ_optr:1 |
|
| Red Hat | Node HealthCheck Operator |
cpe:/a:redhat:workload_availability_nhc:0 |
|
| Red Hat | OpenShift API for Data Protection |
cpe:/a:redhat:openshift_api_data_protection:1 |
|
| Red Hat | OpenShift Developer Tools and Services |
cpe:/a:redhat:ocp_tools |
|
| Red Hat | OpenShift Lightspeed |
cpe:/a:redhat:openshift_lightspeed |
|
| Red Hat | OpenShift Pipelines |
cpe:/a:redhat:openshift_pipelines:1 |
|
| Red Hat | OpenShift Serverless |
cpe:/a:redhat:serverless:1 |
|
| Red Hat | Power monitoring for Red Hat OpenShift |
cpe:/a:redhat:openshift_power_monitoring |
|
| Red Hat | Red Hat 3scale API Management Platform 2 |
cpe:/a:redhat:red_hat_3scale_amp:2 |
|
| Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 |
cpe:/a:redhat:acm:2 |
|
| Red Hat | Red Hat Ansible Automation Platform 2 |
cpe:/a:redhat:ansible_automation_platform:2 |
|
| Red Hat | Red Hat Ceph Storage 5 |
cpe:/a:redhat:ceph_storage:5 |
|
| Red Hat | Red Hat Ceph Storage 6 |
cpe:/a:redhat:ceph_storage:6 |
|
| Red Hat | Red Hat Ceph Storage 8 |
cpe:/a:redhat:ceph_storage:8 |
|
| Red Hat | Red Hat Ceph Storage 9 |
cpe:/a:redhat:ceph_storage:9 |
|
| Red Hat | Red Hat Certification Program for Red Hat Enterprise Linux 9 |
cpe:/a:redhat:certifications:9 |
|
| Red Hat | Red Hat Connectivity Link 1 |
cpe:/a:redhat:connectivity_link:1 |
|
| Red Hat | Red Hat Developer Hub |
cpe:/a:redhat:rhdh:1 |
|
| Red Hat | Red Hat Enterprise Linux 10 |
cpe:/o:redhat:enterprise_linux:10 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux AI (RHEL AI) 3 |
cpe:/a:redhat:enterprise_linux_ai:3 |
|
| Red Hat | Red Hat Lightspeed for Runtimes Operator |
cpe:/a:redhat:lightspeed_for_runtimes:1 |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Cluster Manager CLI |
cpe:/a:redhat:openshift_cluster_manager_cli:1 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
|
| Red Hat | Red Hat OpenShift for Windows Containers |
cpe:/a:redhat:windows_machine_config |
|
| Red Hat | Red Hat OpenShift on AWS |
cpe:/a:redhat:openshift_service_on_aws:1 |
|
| Red Hat | Red Hat OpenShift Virtualization 4 |
cpe:/a:redhat:container_native_virtualization:4 |
|
| Red Hat | Red Hat OpenStack Platform 16.2 |
cpe:/a:redhat:openstack:16.2 |
|
| Red Hat | Red Hat OpenStack Platform 17.1 |
cpe:/a:redhat:openstack:17.1 |
|
| Red Hat | Red Hat Quay 3 |
cpe:/a:redhat:quay:3 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
|
| Red Hat | Red Hat Web Terminal |
cpe:/a:redhat:webterminal:1 |
|
| Red Hat | Security Profiles Operator |
cpe:/a:redhat:openshift_security_profiles_operator:1 |
|
| Red Hat | streams for Apache Kafka 3 |
cpe:/a:redhat:amq_streams:3 |
|
| Red Hat | Zero Trust Workload Identity Manager |
cpe:/a:redhat:zero_trust_workload_identity_manager:1 |
|
| Red Hat | Zero Trust Workload Identity Manager - Tech Preview |
cpe:/a:redhat:zero_trust_workload_identity_manager:0 |
|
| Red Hat | Cryostat 4 |
cpe:/a:redhat:cryostat:4 |
|
| Red Hat | Red Hat OpenStack Platform 18.0 |
cpe:/a:redhat:openstack:18.0 |
|
| Red Hat | Red Hat Service Interconnect 1 |
cpe:/a:redhat:service_interconnect:1 |
|
| Red Hat | Red Hat Service Interconnect 2 |
cpe:/a:redhat:service_interconnect:2 |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-39821",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-23T03:55:58.522682Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "CWE-1289 Improper Validation of Unsafe Equivalence in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-27T13:13:15.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:openshift:4.22::el8",
"cpe:/a:redhat:openshift:4.22::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.22",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "RHEM 1.0 for RHEL 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cluster_observability_operator:1.5::el9"
],
"defaultStatus": "affected",
"product": "Cluster Observability Operator 1.5.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:devworkspace:0.42::el9"
],
"defaultStatus": "affected",
"product": "DevWorkspace Operator 0.42",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:logging:6.4::el9"
],
"defaultStatus": "affected",
"product": "Logging Subsystem for Red Hat OpenShift 6.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.10::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.11::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.11",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:advanced_cluster_security:4.9::el8"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:edge_manager:1.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Edge Manager 1.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI 3.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:hummingbird:1"
],
"defaultStatus": "affected",
"product": "Red Hat Hardened Images",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_builds:1.7::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Builds 1.7.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3.29::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Dev Spaces 3.29",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.19::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_gitops:1.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift GitOps 1.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:2.6::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.1::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.3::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3.3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_mesh:3.0::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Service Mesh 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_data_foundation:4.22::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Openshift Data Foundation 4.22",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.6::el8"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.8::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine:2.9::el9"
],
"defaultStatus": "affected",
"product": "multicluster engine for Kubernetes 2.9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:assisted_installer:2"
],
"defaultStatus": "affected",
"product": "Assisted Installer for Red Hat OpenShift Container Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cert_manager:1"
],
"defaultStatus": "affected",
"product": "cert-manager Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_compliance_operator:1"
],
"defaultStatus": "affected",
"product": "Compliance Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1"
],
"defaultStatus": "affected",
"product": "Confidential Compute Attestation",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:deployment_validator_operator"
],
"defaultStatus": "affected",
"product": "Deployment Validation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:external_secrets_operator:1"
],
"defaultStatus": "affected",
"product": "External Secrets Operator for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_far:0"
],
"defaultStatus": "affected",
"product": "Fence Agents Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_file_integrity_operator:1"
],
"defaultStatus": "affected",
"product": "File Integrity Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lvms:4"
],
"defaultStatus": "affected",
"product": "Logical Volume Manager Storage",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_mdr:0"
],
"defaultStatus": "affected",
"product": "Machine Deletion Remediation Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:migration_toolkit_applications:8"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Applications 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhmt:1"
],
"defaultStatus": "affected",
"product": "Migration Toolkit for Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multiarch_tuning_operator"
],
"defaultStatus": "affected",
"product": "Multiarch Tuning Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_engine"
],
"defaultStatus": "affected",
"product": "Multicluster Engine for Kubernetes",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:multicluster_globalhub"
],
"defaultStatus": "affected",
"product": "Multicluster Global Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:network_observ_optr:1"
],
"defaultStatus": "affected",
"product": "Network Observability Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:workload_availability_nhc:0"
],
"defaultStatus": "affected",
"product": "Node HealthCheck Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_api_data_protection:1"
],
"defaultStatus": "affected",
"product": "OpenShift API for Data Protection",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ocp_tools"
],
"defaultStatus": "affected",
"product": "OpenShift Developer Tools and Services",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_lightspeed"
],
"defaultStatus": "affected",
"product": "OpenShift Lightspeed",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_pipelines:1"
],
"defaultStatus": "affected",
"product": "OpenShift Pipelines",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:serverless:1"
],
"defaultStatus": "affected",
"product": "OpenShift Serverless",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_power_monitoring"
],
"defaultStatus": "affected",
"product": "Power monitoring for Red Hat OpenShift",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:red_hat_3scale_amp:2"
],
"defaultStatus": "affected",
"product": "Red Hat 3scale API Management Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:acm:2"
],
"defaultStatus": "affected",
"product": "Red Hat Advanced Cluster Management for Kubernetes 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ansible_automation_platform:2"
],
"defaultStatus": "affected",
"product": "Red Hat Ansible Automation Platform 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:5"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 5",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:6"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:8"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:ceph_storage:9"
],
"defaultStatus": "affected",
"product": "Red Hat Ceph Storage 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:certifications:9"
],
"defaultStatus": "affected",
"product": "Red Hat Certification Program for Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:connectivity_link:1"
],
"defaultStatus": "affected",
"product": "Red Hat Connectivity Link 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhdh:1"
],
"defaultStatus": "affected",
"product": "Red Hat Developer Hub",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_ai:3"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AI (RHEL AI) 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:lightspeed_for_runtimes:1"
],
"defaultStatus": "affected",
"product": "Red Hat Lightspeed for Runtimes Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_cluster_manager_cli:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Cluster Manager CLI",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:windows_machine_config"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift for Windows Containers",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_service_on_aws:1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift on AWS",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:container_native_virtualization:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Virtualization 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:16.2"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 16.2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:17.1"
],
"defaultStatus": "affected",
"product": "Red Hat OpenStack Platform 17.1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:quay:3"
],
"defaultStatus": "affected",
"product": "Red Hat Quay 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "affected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:webterminal:1"
],
"defaultStatus": "affected",
"product": "Red Hat Web Terminal",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_security_profiles_operator:1"
],
"defaultStatus": "affected",
"product": "Security Profiles Operator",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:amq_streams:3"
],
"defaultStatus": "affected",
"product": "streams for Apache Kafka 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:1"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:zero_trust_workload_identity_manager:0"
],
"defaultStatus": "affected",
"product": "Zero Trust Workload Identity Manager - Tech Preview",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:cryostat:4"
],
"defaultStatus": "unaffected",
"product": "Cryostat 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openstack:18.0"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenStack Platform 18.0",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:1"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 1",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:service_interconnect:2"
],
"defaultStatus": "unaffected",
"product": "Red Hat Service Interconnect 2",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-22T15:01:21.462Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "Improper Validation of Unsafe Equivalence in Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T12:05:36.478Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"name": "RHBZ#2480756",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34789"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30855"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35827"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35826"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34357"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30853"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35830"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35831"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30854"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35828"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35829"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34359"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34342"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36808"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:34364"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30651"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26547"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36207"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:26546"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36651"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33531"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33524"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23262"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23264"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36648"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36820"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35994"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:35993"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33155"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33163"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33173"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33183"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33160"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:37387"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36797"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36105"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36167"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:30650"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:36883"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:34789: Red Hat OpenShift Container Platform 4.22"
},
{
"lang": "en",
"value": "RHSA-2026:36796: RHEM 1.0 for RHEL 9"
},
{
"lang": "en",
"value": "RHSA-2026:30855: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:35827: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:35826: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:30853: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:35830: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:35831: Red Hat Enterprise Linux AppStream (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:30854: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:35828: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:35829: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:34342: Cluster Observability Operator 1.5.0"
},
{
"lang": "en",
"value": "RHSA-2026:36808: DevWorkspace Operator 0.42"
},
{
"lang": "en",
"value": "RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4"
},
{
"lang": "en",
"value": "RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13"
},
{
"lang": "en",
"value": "RHSA-2026:26547: Red Hat Advanced Cluster Security for Kubernetes 4.10"
},
{
"lang": "en",
"value": "RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11"
},
{
"lang": "en",
"value": "RHSA-2026:26546: Red Hat Advanced Cluster Security for Kubernetes 4.9"
},
{
"lang": "en",
"value": "RHSA-2026:36651: Red Hat Edge Manager 1.0"
},
{
"lang": "en",
"value": "RHSA-2026:33531: Red Hat Enterprise Linux AI 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:33524: Red Hat Enterprise Linux AI 3.4"
},
{
"lang": "en",
"value": "RHSA-2026:23262: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:23264: Red Hat Hardened Images"
},
{
"lang": "en",
"value": "RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4"
},
{
"lang": "en",
"value": "RHSA-2026:36820: Red Hat OpenShift Dev Spaces 3.29"
},
{
"lang": "en",
"value": "RHSA-2026:35994: Red Hat OpenShift GitOps 1.19"
},
{
"lang": "en",
"value": "RHSA-2026:35993: Red Hat OpenShift GitOps 1.20"
},
{
"lang": "en",
"value": "RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1"
},
{
"lang": "en",
"value": "RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2"
},
{
"lang": "en",
"value": "RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3"
},
{
"lang": "en",
"value": "RHSA-2026:33160: Red Hat OpenShift Service Mesh 3"
},
{
"lang": "en",
"value": "RHSA-2026:37387: Red Hat Openshift Data Foundation 4.22"
},
{
"lang": "en",
"value": "RHSA-2026:36797: Red Hat Trusted Artifact Signer 1.4"
},
{
"lang": "en",
"value": "RHSA-2026:36105: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:36167: multicluster engine for Kubernetes 2.6"
},
{
"lang": "en",
"value": "RHSA-2026:30650: multicluster engine for Kubernetes 2.8"
},
{
"lang": "en",
"value": "RHSA-2026:36883: multicluster engine for Kubernetes 2.9"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-22T16:00:52.844Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-22T15:01:21.462Z",
"value": "Made public."
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"workarounds": [
{
"lang": "en",
"value": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/net/idna",
"product": "golang.org/x/net/idna",
"programRoutines": [
{
"name": "Profile.process"
},
{
"name": "Profile.ToASCII"
},
{
"name": "Profile.ToUnicode"
},
{
"name": "ToASCII"
},
{
"name": "ToUnicode"
}
],
"vendor": "golang.org/x/net",
"versions": [
{
"lessThan": "0.55.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "KC1zs4 (https://github.com/KC1zs4)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1289: Improper Validation of Unsafe Equivalence in Input",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-22T15:01:21.462Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/767220"
},
{
"url": "https://go.dev/issue/78760"
},
{
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"title": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2026-39821",
"datePublished": "2026-05-22T15:01:21.462Z",
"dateReserved": "2026-04-07T18:13:03.526Z",
"dateUpdated": "2026-07-10T12:05:36.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-39821",
"date": "2026-07-10",
"epss": "0.00478",
"percentile": "0.37952"
},
"microsoft_vex": {
"current_release_date": "2026-06-19T14:40:22.000Z",
"cve": "CVE-2026-39821",
"id": "msrc_CVE-2026-39821",
"initial_release_date": "2026-05-02T00:00:00.000Z",
"product_status:fixed": "50",
"product_status:known_affected": "52",
"product_status:known_not_affected": "4",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-39821.json",
"version": "11"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-39821\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-05-22T16:16:20.410\",\"lastModified\":\"2026-07-10T12:16:44.313\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\\\"xn--example-.com\\\") incorrectly returns the name \\\"example.com\\\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \\\"example.com\\\" but permit \\\"xn--example-.com\\\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \\\"example.com\\\".\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"golang.org/x/net\",\"product\":\"golang.org/x/net/idna\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/net/idna\",\"programRoutines\":[{\"name\":\"Profile.process\"},{\"name\":\"Profile.ToASCII\"},{\"name\":\"Profile.ToUnicode\"},{\"name\":\"ToASCII\"},{\"name\":\"ToUnicode\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.55.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4.22\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4.22::el8\",\"cpe:/a:redhat:openshift:4.22::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"RHEM 1.0 for RHEL 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cluster Observability Operator 1.5.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cluster_observability_operator:1.5::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"DevWorkspace Operator 0.42\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:devworkspace:0.42::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logging Subsystem for Red Hat OpenShift 6.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:logging:6.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2.13\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2.13::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.11\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.11::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Security for Kubernetes 4.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Edge Manager 1.0\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:edge_manager:1.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI 3.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Hardened Images\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:hummingbird:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Builds 1.7.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_builds:1.7::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces 3.29\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3.29::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.19\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.19::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift GitOps 1.20\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_gitops:1.20::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.1::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3.3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.3::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Service Mesh 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:service_mesh:3.0::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Openshift Data Foundation 4.22\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_data_foundation:4.22::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.6::el8\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.8::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"multicluster engine for Kubernetes 2.9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine:2.9::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Assisted Installer for Red Hat OpenShift Container Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:assisted_installer:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"cert-manager Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:cert_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Compliance Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_compliance_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Confidential Compute Attestation\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:confidential_compute_attestation:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Deployment Validation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:deployment_validator_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"External Secrets Operator for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:external_secrets_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Fence Agents Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_far:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"File Integrity Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_file_integrity_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Logical Volume Manager Storage\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lvms:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Machine Deletion Remediation Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_mdr:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Applications 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:migration_toolkit_applications:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Migration Toolkit for Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhmt:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multiarch Tuning Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multiarch_tuning_operator\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Engine for Kubernetes\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_engine\"]},{\"vendor\":\"Red Hat\",\"product\":\"Multicluster Global Hub\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:multicluster_globalhub\"]},{\"vendor\":\"Red Hat\",\"product\":\"Network Observability Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:network_observ_optr:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Node HealthCheck Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:workload_availability_nhc:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift API for Data Protection\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_api_data_protection:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Developer Tools and Services\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ocp_tools\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Lightspeed\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_lightspeed\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Pipelines\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_pipelines:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"OpenShift Serverless\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:serverless:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Power monitoring for Red Hat OpenShift\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_power_monitoring\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat 3scale API Management Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:red_hat_3scale_amp:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Advanced Cluster Management for Kubernetes 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:acm:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ansible Automation Platform 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ansible_automation_platform:2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 5\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:5\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Ceph Storage 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:ceph_storage:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Certification Program for Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:certifications:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Connectivity Link 1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:connectivity_link:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Developer Hub\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhdh:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AI (RHEL AI) 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_ai:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Lightspeed for Runtimes Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:lightspeed_for_runtimes:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Cluster Manager CLI\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift for Windows Containers\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:windows_machine_config\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift on AWS\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_service_on_aws:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Virtualization 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:container_native_virtualization:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 16.2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:16.2\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 17.1\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openstack:17.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Quay 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:quay:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Web Terminal\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:webterminal:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Security Profiles Operator\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift_security_profiles_operator:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"streams for Apache Kafka 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:amq_streams:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Zero Trust Workload Identity Manager - Tech Preview\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Cryostat 4\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:cryostat:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenStack Platform 18.0\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openstack:18.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 1\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Service Interconnect 2\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:service_interconnect:2\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":5.8},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":5.8}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-23T03:55:58.522682Z\",\"id\":\"CVE-2026-39821\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1289\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1289\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:net:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.55.0\",\"matchCriteriaId\":\"38C86E7B-A1CA-4670-B113-FC9585261F6F\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/767220\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://go.dev/issue/78760\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-5026\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23262\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:23264\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26546\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:26547\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30650\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30651\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30853\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30854\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:30855\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33155\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33160\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33163\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33173\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33183\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33524\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33531\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34342\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34357\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34359\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34364\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:34789\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35826\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35827\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35828\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35829\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35830\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35831\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35993\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:35994\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36105\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36167\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36207\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36648\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36651\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36796\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36797\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36808\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36820\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:36883\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:37387\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2026-39821\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2480756\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-10T16:47:01+00:00",
"cve": "CVE-2026-39821",
"id": "CVE-2026-39821",
"initial_release_date": "2026-05-22T15:01:21.462000+00:00",
"product_status:fixed": "526",
"product_status:known_affected": "276",
"product_status:known_not_affected": "1001",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.2, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:openshift:4.22::el8\", \"cpe:/a:redhat:openshift:4.22::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4.22\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cluster_observability_operator:1.5::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Cluster Observability Operator 1.5.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:logging:6.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Logging Subsystem for Red Hat OpenShift 6.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2.13::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2.13\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.10::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.11::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.11\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:advanced_cluster_security:4.9::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Security for Kubernetes 4.9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI 3.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:hummingbird:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Hardened Images\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_builds:1.7::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Builds 1.7.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1.19::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps 1.19\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_gitops:1.20::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift GitOps 1.20\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.0::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.0\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.1::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:service_mesh:3.3::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Service Mesh 3.3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.6::el8\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine:2.8::el9\"], \"vendor\": \"Red Hat\", \"product\": \"multicluster engine for Kubernetes 2.8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:assisted_installer:2\"], \"vendor\": \"Red Hat\", \"product\": \"Assisted Installer for Red Hat OpenShift Container Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cert_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"cert-manager Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_compliance_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Compliance Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1\"], \"vendor\": \"Red Hat\", \"product\": \"Confidential Compute Attestation\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:cryostat:4\"], \"vendor\": \"Red Hat\", \"product\": \"Cryostat 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:deployment_validator_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Deployment Validation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:external_secrets_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"External Secrets Operator for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_far:0\"], \"vendor\": \"Red Hat\", \"product\": \"Fence Agents Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_file_integrity_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"File Integrity Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:gatekeeper:3\"], \"vendor\": \"Red Hat\", \"product\": \"Gatekeeper 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lvms:4\"], \"vendor\": \"Red Hat\", \"product\": \"Logical Volume Manager Storage\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_mdr:0\"], \"vendor\": \"Red Hat\", \"product\": \"Machine Deletion Remediation Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:migration_toolkit_applications:8\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Applications 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhmt:1\"], \"vendor\": \"Red Hat\", \"product\": \"Migration Toolkit for Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multiarch_tuning_operator\"], \"vendor\": \"Red Hat\", \"product\": \"Multiarch Tuning Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_engine\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Engine for Kubernetes\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:multicluster_globalhub\"], \"vendor\": \"Red Hat\", \"product\": \"Multicluster Global Hub\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:network_observ_optr:1\"], \"vendor\": \"Red Hat\", \"product\": \"Network Observability Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:workload_availability_nhc:0\"], \"vendor\": \"Red Hat\", \"product\": \"Node HealthCheck Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_api_data_protection:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift API for Data Protection\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ocp_tools\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Developer Tools and Services\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_lightspeed\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Lightspeed\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_pipelines:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Pipelines\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:serverless:1\"], \"vendor\": \"Red Hat\", \"product\": \"OpenShift Serverless\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_power_monitoring\"], \"vendor\": \"Red Hat\", \"product\": \"Power monitoring for Red Hat OpenShift\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:red_hat_3scale_amp:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat 3scale API Management Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:acm:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Advanced Cluster Management for Kubernetes 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ansible_automation_platform:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ansible Automation Platform 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:5\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 5\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:ceph_storage:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Ceph Storage 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:certifications:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Certification Program for Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:connectivity_link:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Connectivity Link 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhdh:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Developer Hub\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:edge_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Edge Manager 1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_ai:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AI (RHEL AI) 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:lightspeed_for_runtimes:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Lightspeed for Runtimes Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_cluster_manager_cli:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Cluster Manager CLI\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:devworkspace\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Workspaces Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:windows_machine_config\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift for Windows Containers\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_service_on_aws:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift on AWS\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:container_native_virtualization:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Virtualization 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:16.2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 16.2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:17.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 17.1\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:quay:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Quay 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:webterminal:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Web Terminal\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_security_profiles_operator:1\"], \"vendor\": \"Red Hat\", \"product\": \"Security Profiles Operator\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:amq_streams:3\"], \"vendor\": \"Red Hat\", \"product\": \"streams for Apache Kafka 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:1\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:zero_trust_workload_identity_manager:0\"], \"vendor\": \"Red Hat\", \"product\": \"Zero Trust Workload Identity Manager - Tech Preview\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_data_foundation:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Openshift Data Foundation 4\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openstack:18.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenStack Platform 18.0\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 1\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:service_interconnect:2\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Service Interconnect 2\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-22T16:00:52.844Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-22T15:01:21.462Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:34789: Red Hat OpenShift Container Platform 4.22\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30855: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35827: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35826: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34357: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30853: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35830: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35831: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30854: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35828: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35829: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34359: Red Hat Enterprise Linux AppStream (v. 9)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34342: Cluster Observability Operator 1.5.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:34364: Logging Subsystem for Red Hat OpenShift 6.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30651: Red Hat Advanced Cluster Management for Kubernetes 2.13\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26547: Red Hat Advanced Cluster Security for Kubernetes 4.10\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36207: Red Hat Advanced Cluster Security for Kubernetes 4.11\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:26546: Red Hat Advanced Cluster Security for Kubernetes 4.9\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33531: Red Hat Enterprise Linux AI 3.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33524: Red Hat Enterprise Linux AI 3.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23262: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:23264: Red Hat Hardened Images\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36648: Red Hat OpenShift Builds 1.7.4\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35994: Red Hat OpenShift GitOps 1.19\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:35993: Red Hat OpenShift GitOps 1.20\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33155: Red Hat OpenShift Service Mesh 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33160: Red Hat OpenShift Service Mesh 3.0\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33163: Red Hat OpenShift Service Mesh 3.1\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33173: Red Hat OpenShift Service Mesh 3.2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:33183: Red Hat OpenShift Service Mesh 3.3\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36105: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:36167: multicluster engine for Kubernetes 2.6\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:30650: multicluster engine for Kubernetes 2.8\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-22T15:01:21.462Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2026-39821\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2480756\", \"name\": \"RHBZ#2480756\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39821.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34789\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30855\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35827\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35826\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34357\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30853\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35830\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35831\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30854\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35828\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35829\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34359\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34342\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:34364\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30651\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26547\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36207\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:26546\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33531\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33524\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23262\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:23264\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36648\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35994\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:35993\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33155\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33160\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33163\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33173\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33183\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36105\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:36167\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:30650\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1289\", \"description\": \"Improper Validation of Unsafe Equivalence in Input\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-08T12:05:44.075Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.6, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-39821\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-23T03:55:58.522682Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1289\", \"description\": \"CWE-1289 Improper Validation of Unsafe Equivalence in Input\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-22T18:01:10.401Z\"}}], \"cna\": {\"title\": \"Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna\", \"credits\": [{\"lang\": \"en\", \"value\": \"KC1zs4 (https://github.com/KC1zs4)\"}], \"affected\": [{\"vendor\": \"golang.org/x/net\", \"product\": \"golang.org/x/net/idna\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.55.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/net/idna\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Profile.process\"}, {\"name\": \"Profile.ToASCII\"}, {\"name\": \"Profile.ToUnicode\"}, {\"name\": \"ToASCII\"}, {\"name\": \"ToUnicode\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/767220\"}, {\"url\": \"https://go.dev/issue/78760\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-5026\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\\\"xn--example-.com\\\") incorrectly returns the name \\\"example.com\\\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \\\"example.com\\\" but permit \\\"xn--example-.com\\\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \\\"example.com\\\".\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-1289: Improper Validation of Unsafe Equivalence in Input\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-05-22T15:01:21.462Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-39821\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-08T12:05:44.075Z\", \"dateReserved\": \"2026-04-07T18:13:03.526Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-05-22T15:01:21.462Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:35826
Vulnerability from csaf_redhat - Published: 2026-07-06 03:11 - Updated: 2026-07-10 16:54A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35826",
"url": "https://access.redhat.com/errata/RHSA-2026:35826"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35826.json"
}
],
"title": "Red Hat Security Advisory: grafana-pcp security update",
"tracking": {
"current_release_date": "2026-07-10T16:54:21+00:00",
"generator": {
"date": "2026-07-10T16:54:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35826",
"initial_release_date": "2026-07-06T03:11:36+00:00",
"revision_history": [
{
"date": "2026-07-06T03:11:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T03:11:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:54:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-7.el10_2.src",
"product": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.src",
"product_id": "grafana-pcp-0:5.3.0-7.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-7.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-7.el10_2.aarch64",
"product": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.aarch64",
"product_id": "grafana-pcp-0:5.3.0-7.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-7.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64",
"product": {
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64",
"product_id": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.3.0-7.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64",
"product_id": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.3.0-7.el10_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-7.el10_2.ppc64le",
"product": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.ppc64le",
"product_id": "grafana-pcp-0:5.3.0-7.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-7.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le",
"product": {
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le",
"product_id": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.3.0-7.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le",
"product": {
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le",
"product_id": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.3.0-7.el10_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-7.el10_2.s390x",
"product": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.s390x",
"product_id": "grafana-pcp-0:5.3.0-7.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-7.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x",
"product": {
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x",
"product_id": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.3.0-7.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x",
"product": {
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x",
"product_id": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.3.0-7.el10_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.3.0-7.el10_2.x86_64",
"product": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.x86_64",
"product_id": "grafana-pcp-0:5.3.0-7.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.3.0-7.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64",
"product": {
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64",
"product_id": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.3.0-7.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64",
"product_id": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.3.0-7.el10_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.aarch64"
},
"product_reference": "grafana-pcp-0:5.3.0-7.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.ppc64le"
},
"product_reference": "grafana-pcp-0:5.3.0-7.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.s390x"
},
"product_reference": "grafana-pcp-0:5.3.0-7.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.src"
},
"product_reference": "grafana-pcp-0:5.3.0-7.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.3.0-7.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.x86_64"
},
"product_reference": "grafana-pcp-0:5.3.0-7.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le"
},
"product_reference": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x"
},
"product_reference": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64"
},
"product_reference": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le"
},
"product_reference": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x"
},
"product_reference": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64"
},
"product_reference": "grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.src",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.x86_64",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T03:11:36+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.src",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.x86_64",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35826"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.src",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.x86_64",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.src",
"AppStream-10.2.Z:grafana-pcp-0:5.3.0-7.el10_2.x86_64",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-debuginfo-0:5.3.0-7.el10_2.x86_64",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.aarch64",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.s390x",
"AppStream-10.2.Z:grafana-pcp-debugsource-0:5.3.0-7.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
}
]
}
RHSA-2026:35827
Vulnerability from csaf_redhat - Published: 2026-07-06 02:40 - Updated: 2026-07-10 16:54A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nSecurity Fix(es):\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35827",
"url": "https://access.redhat.com/errata/RHSA-2026:35827"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35827.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-07-10T16:54:22+00:00",
"generator": {
"date": "2026-07-10T16:54:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35827",
"initial_release_date": "2026-07-06T02:40:16+00:00",
"revision_history": [
{
"date": "2026-07-06T02:40:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T02:40:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:54:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:10.2"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-27.el10_2.x86_64",
"product": {
"name": "grafana-0:10.2.6-27.el10_2.x86_64",
"product_id": "grafana-0:10.2.6-27.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-27.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-27.el10_2.x86_64",
"product": {
"name": "grafana-selinux-0:10.2.6-27.el10_2.x86_64",
"product_id": "grafana-selinux-0:10.2.6-27.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-27.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-27.el10_2.x86_64",
"product": {
"name": "grafana-debugsource-0:10.2.6-27.el10_2.x86_64",
"product_id": "grafana-debugsource-0:10.2.6-27.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-27.el10_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.x86_64",
"product": {
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.x86_64",
"product_id": "grafana-debuginfo-0:10.2.6-27.el10_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-27.el10_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-27.el10_2.src",
"product": {
"name": "grafana-0:10.2.6-27.el10_2.src",
"product_id": "grafana-0:10.2.6-27.el10_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-27.el10_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-27.el10_2.aarch64",
"product": {
"name": "grafana-0:10.2.6-27.el10_2.aarch64",
"product_id": "grafana-0:10.2.6-27.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-27.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-27.el10_2.aarch64",
"product": {
"name": "grafana-selinux-0:10.2.6-27.el10_2.aarch64",
"product_id": "grafana-selinux-0:10.2.6-27.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-27.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-27.el10_2.aarch64",
"product": {
"name": "grafana-debugsource-0:10.2.6-27.el10_2.aarch64",
"product_id": "grafana-debugsource-0:10.2.6-27.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-27.el10_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.aarch64",
"product": {
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.aarch64",
"product_id": "grafana-debuginfo-0:10.2.6-27.el10_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-27.el10_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-27.el10_2.ppc64le",
"product": {
"name": "grafana-0:10.2.6-27.el10_2.ppc64le",
"product_id": "grafana-0:10.2.6-27.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-27.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-27.el10_2.ppc64le",
"product": {
"name": "grafana-selinux-0:10.2.6-27.el10_2.ppc64le",
"product_id": "grafana-selinux-0:10.2.6-27.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-27.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-27.el10_2.ppc64le",
"product": {
"name": "grafana-debugsource-0:10.2.6-27.el10_2.ppc64le",
"product_id": "grafana-debugsource-0:10.2.6-27.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-27.el10_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le",
"product": {
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le",
"product_id": "grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-27.el10_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-27.el10_2.s390x",
"product": {
"name": "grafana-0:10.2.6-27.el10_2.s390x",
"product_id": "grafana-0:10.2.6-27.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-27.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-27.el10_2.s390x",
"product": {
"name": "grafana-selinux-0:10.2.6-27.el10_2.s390x",
"product_id": "grafana-selinux-0:10.2.6-27.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-27.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-27.el10_2.s390x",
"product": {
"name": "grafana-debugsource-0:10.2.6-27.el10_2.s390x",
"product_id": "grafana-debugsource-0:10.2.6-27.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-27.el10_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.s390x",
"product": {
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.s390x",
"product_id": "grafana-debuginfo-0:10.2.6-27.el10_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-27.el10_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-27.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.aarch64"
},
"product_reference": "grafana-0:10.2.6-27.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-27.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.ppc64le"
},
"product_reference": "grafana-0:10.2.6-27.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-27.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.s390x"
},
"product_reference": "grafana-0:10.2.6-27.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-27.el10_2.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.src"
},
"product_reference": "grafana-0:10.2.6-27.el10_2.src",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-27.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.x86_64"
},
"product_reference": "grafana-0:10.2.6-27.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.aarch64"
},
"product_reference": "grafana-debuginfo-0:10.2.6-27.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le"
},
"product_reference": "grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.s390x"
},
"product_reference": "grafana-debuginfo-0:10.2.6-27.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-27.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.x86_64"
},
"product_reference": "grafana-debuginfo-0:10.2.6-27.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-27.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.aarch64"
},
"product_reference": "grafana-debugsource-0:10.2.6-27.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-27.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.ppc64le"
},
"product_reference": "grafana-debugsource-0:10.2.6-27.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-27.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.s390x"
},
"product_reference": "grafana-debugsource-0:10.2.6-27.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-27.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.x86_64"
},
"product_reference": "grafana-debugsource-0:10.2.6-27.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-27.el10_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.aarch64"
},
"product_reference": "grafana-selinux-0:10.2.6-27.el10_2.aarch64",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-27.el10_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.ppc64le"
},
"product_reference": "grafana-selinux-0:10.2.6-27.el10_2.ppc64le",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-27.el10_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.s390x"
},
"product_reference": "grafana-selinux-0:10.2.6-27.el10_2.s390x",
"relates_to_product_reference": "AppStream-10.2.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-27.el10_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
"product_id": "AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.x86_64"
},
"product_reference": "grafana-selinux-0:10.2.6-27.el10_2.x86_64",
"relates_to_product_reference": "AppStream-10.2.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.src",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T02:40:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.src",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35827"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.src",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.src",
"AppStream-10.2.Z:grafana-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-debuginfo-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-debugsource-0:10.2.6-27.el10_2.x86_64",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.aarch64",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.ppc64le",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.s390x",
"AppStream-10.2.Z:grafana-selinux-0:10.2.6-27.el10_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
}
]
}
RHSA-2026:35828
Vulnerability from csaf_redhat - Published: 2026-07-06 03:11 - Updated: 2026-07-10 16:54A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nSecurity Fix(es):\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35828",
"url": "https://access.redhat.com/errata/RHSA-2026:35828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35828.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-07-10T16:54:23+00:00",
"generator": {
"date": "2026-07-10T16:54:23+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35828",
"initial_release_date": "2026-07-06T03:11:28+00:00",
"revision_history": [
{
"date": "2026-07-06T03:11:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T03:11:28+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:54:23+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-23.el9_8.src",
"product": {
"name": "grafana-0:10.2.6-23.el9_8.src",
"product_id": "grafana-0:10.2.6-23.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-23.el9_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-23.el9_8.aarch64",
"product": {
"name": "grafana-0:10.2.6-23.el9_8.aarch64",
"product_id": "grafana-0:10.2.6-23.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-23.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-23.el9_8.aarch64",
"product": {
"name": "grafana-selinux-0:10.2.6-23.el9_8.aarch64",
"product_id": "grafana-selinux-0:10.2.6-23.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-23.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-23.el9_8.aarch64",
"product": {
"name": "grafana-debugsource-0:10.2.6-23.el9_8.aarch64",
"product_id": "grafana-debugsource-0:10.2.6-23.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-23.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.aarch64",
"product": {
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.aarch64",
"product_id": "grafana-debuginfo-0:10.2.6-23.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-23.el9_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-23.el9_8.ppc64le",
"product": {
"name": "grafana-0:10.2.6-23.el9_8.ppc64le",
"product_id": "grafana-0:10.2.6-23.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-23.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-23.el9_8.ppc64le",
"product": {
"name": "grafana-selinux-0:10.2.6-23.el9_8.ppc64le",
"product_id": "grafana-selinux-0:10.2.6-23.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-23.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-23.el9_8.ppc64le",
"product": {
"name": "grafana-debugsource-0:10.2.6-23.el9_8.ppc64le",
"product_id": "grafana-debugsource-0:10.2.6-23.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-23.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le",
"product": {
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le",
"product_id": "grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-23.el9_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-23.el9_8.s390x",
"product": {
"name": "grafana-0:10.2.6-23.el9_8.s390x",
"product_id": "grafana-0:10.2.6-23.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-23.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-23.el9_8.s390x",
"product": {
"name": "grafana-selinux-0:10.2.6-23.el9_8.s390x",
"product_id": "grafana-selinux-0:10.2.6-23.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-23.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-23.el9_8.s390x",
"product": {
"name": "grafana-debugsource-0:10.2.6-23.el9_8.s390x",
"product_id": "grafana-debugsource-0:10.2.6-23.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-23.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.s390x",
"product": {
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.s390x",
"product_id": "grafana-debuginfo-0:10.2.6-23.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-23.el9_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:10.2.6-23.el9_8.x86_64",
"product": {
"name": "grafana-0:10.2.6-23.el9_8.x86_64",
"product_id": "grafana-0:10.2.6-23.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@10.2.6-23.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:10.2.6-23.el9_8.x86_64",
"product": {
"name": "grafana-selinux-0:10.2.6-23.el9_8.x86_64",
"product_id": "grafana-selinux-0:10.2.6-23.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@10.2.6-23.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:10.2.6-23.el9_8.x86_64",
"product": {
"name": "grafana-debugsource-0:10.2.6-23.el9_8.x86_64",
"product_id": "grafana-debugsource-0:10.2.6-23.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@10.2.6-23.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.x86_64",
"product": {
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.x86_64",
"product_id": "grafana-debuginfo-0:10.2.6-23.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@10.2.6-23.el9_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-23.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.aarch64"
},
"product_reference": "grafana-0:10.2.6-23.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-23.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.ppc64le"
},
"product_reference": "grafana-0:10.2.6-23.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-23.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.s390x"
},
"product_reference": "grafana-0:10.2.6-23.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-23.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.src"
},
"product_reference": "grafana-0:10.2.6-23.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:10.2.6-23.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.x86_64"
},
"product_reference": "grafana-0:10.2.6-23.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.aarch64"
},
"product_reference": "grafana-debuginfo-0:10.2.6-23.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le"
},
"product_reference": "grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.s390x"
},
"product_reference": "grafana-debuginfo-0:10.2.6-23.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:10.2.6-23.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.x86_64"
},
"product_reference": "grafana-debuginfo-0:10.2.6-23.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-23.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.aarch64"
},
"product_reference": "grafana-debugsource-0:10.2.6-23.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-23.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.ppc64le"
},
"product_reference": "grafana-debugsource-0:10.2.6-23.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-23.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.s390x"
},
"product_reference": "grafana-debugsource-0:10.2.6-23.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:10.2.6-23.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.x86_64"
},
"product_reference": "grafana-debugsource-0:10.2.6-23.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-23.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.aarch64"
},
"product_reference": "grafana-selinux-0:10.2.6-23.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-23.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.ppc64le"
},
"product_reference": "grafana-selinux-0:10.2.6-23.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-23.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.s390x"
},
"product_reference": "grafana-selinux-0:10.2.6-23.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:10.2.6-23.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.x86_64"
},
"product_reference": "grafana-selinux-0:10.2.6-23.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T03:11:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35828"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debuginfo-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-debugsource-0:10.2.6-23.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-selinux-0:10.2.6-23.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
}
]
}
RHSA-2026:35829
Vulnerability from csaf_redhat - Published: 2026-07-06 05:35 - Updated: 2026-07-10 16:54A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35829",
"url": "https://access.redhat.com/errata/RHSA-2026:35829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35829.json"
}
],
"title": "Red Hat Security Advisory: grafana-pcp security update",
"tracking": {
"current_release_date": "2026-07-10T16:54:24+00:00",
"generator": {
"date": "2026-07-10T16:54:24+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35829",
"initial_release_date": "2026-07-06T05:35:11+00:00",
"revision_history": [
{
"date": "2026-07-06T05:35:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T05:35:11+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:54:24+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-17.el9_8.src",
"product": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.src",
"product_id": "grafana-pcp-0:5.1.1-17.el9_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-17.el9_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-17.el9_8.aarch64",
"product": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.aarch64",
"product_id": "grafana-pcp-0:5.1.1-17.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-17.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64",
"product_id": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-17.el9_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-17.el9_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-17.el9_8.ppc64le",
"product": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.ppc64le",
"product_id": "grafana-pcp-0:5.1.1-17.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-17.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le",
"product_id": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-17.el9_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-17.el9_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-17.el9_8.s390x",
"product": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.s390x",
"product_id": "grafana-pcp-0:5.1.1-17.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-17.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x",
"product_id": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-17.el9_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-17.el9_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-17.el9_8.x86_64",
"product": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.x86_64",
"product_id": "grafana-pcp-0:5.1.1-17.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-17.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64",
"product_id": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-17.el9_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-17.el9_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.aarch64"
},
"product_reference": "grafana-pcp-0:5.1.1-17.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.ppc64le"
},
"product_reference": "grafana-pcp-0:5.1.1-17.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.s390x"
},
"product_reference": "grafana-pcp-0:5.1.1-17.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.src"
},
"product_reference": "grafana-pcp-0:5.1.1-17.el9_8.src",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-17.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.x86_64"
},
"product_reference": "grafana-pcp-0:5.1.1-17.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64",
"relates_to_product_reference": "AppStream-9.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T05:35:11+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35829"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.src",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-17.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-17.el9_8.x86_64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.aarch64",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.ppc64le",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.s390x",
"AppStream-9.8.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-17.el9_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
}
]
}
RHSA-2026:35830
Vulnerability from csaf_redhat - Published: 2026-07-06 03:52 - Updated: 2026-07-10 16:54A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB \u0026 OpenTSDB. \n\nSecurity Fix(es):\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35830",
"url": "https://access.redhat.com/errata/RHSA-2026:35830"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35830.json"
}
],
"title": "Red Hat Security Advisory: grafana security update",
"tracking": {
"current_release_date": "2026-07-10T16:54:25+00:00",
"generator": {
"date": "2026-07-10T16:54:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35830",
"initial_release_date": "2026-07-06T03:52:21+00:00",
"revision_history": [
{
"date": "2026-07-06T03:52:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T03:52:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:54:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-31.el8_10.src",
"product": {
"name": "grafana-0:9.2.10-31.el8_10.src",
"product_id": "grafana-0:9.2.10-31.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-31.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-31.el8_10.aarch64",
"product": {
"name": "grafana-0:9.2.10-31.el8_10.aarch64",
"product_id": "grafana-0:9.2.10-31.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-31.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-31.el8_10.aarch64",
"product": {
"name": "grafana-selinux-0:9.2.10-31.el8_10.aarch64",
"product_id": "grafana-selinux-0:9.2.10-31.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-31.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-31.el8_10.aarch64",
"product": {
"name": "grafana-debugsource-0:9.2.10-31.el8_10.aarch64",
"product_id": "grafana-debugsource-0:9.2.10-31.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-31.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.aarch64",
"product": {
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.aarch64",
"product_id": "grafana-debuginfo-0:9.2.10-31.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-31.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-31.el8_10.ppc64le",
"product": {
"name": "grafana-0:9.2.10-31.el8_10.ppc64le",
"product_id": "grafana-0:9.2.10-31.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-31.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-31.el8_10.ppc64le",
"product": {
"name": "grafana-selinux-0:9.2.10-31.el8_10.ppc64le",
"product_id": "grafana-selinux-0:9.2.10-31.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-31.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-31.el8_10.ppc64le",
"product": {
"name": "grafana-debugsource-0:9.2.10-31.el8_10.ppc64le",
"product_id": "grafana-debugsource-0:9.2.10-31.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-31.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le",
"product": {
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le",
"product_id": "grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-31.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-31.el8_10.x86_64",
"product": {
"name": "grafana-0:9.2.10-31.el8_10.x86_64",
"product_id": "grafana-0:9.2.10-31.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-31.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-31.el8_10.x86_64",
"product": {
"name": "grafana-selinux-0:9.2.10-31.el8_10.x86_64",
"product_id": "grafana-selinux-0:9.2.10-31.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-31.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-31.el8_10.x86_64",
"product": {
"name": "grafana-debugsource-0:9.2.10-31.el8_10.x86_64",
"product_id": "grafana-debugsource-0:9.2.10-31.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-31.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.x86_64",
"product": {
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.x86_64",
"product_id": "grafana-debuginfo-0:9.2.10-31.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-31.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-0:9.2.10-31.el8_10.s390x",
"product": {
"name": "grafana-0:9.2.10-31.el8_10.s390x",
"product_id": "grafana-0:9.2.10-31.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana@9.2.10-31.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-selinux-0:9.2.10-31.el8_10.s390x",
"product": {
"name": "grafana-selinux-0:9.2.10-31.el8_10.s390x",
"product_id": "grafana-selinux-0:9.2.10-31.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-selinux@9.2.10-31.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debugsource-0:9.2.10-31.el8_10.s390x",
"product": {
"name": "grafana-debugsource-0:9.2.10-31.el8_10.s390x",
"product_id": "grafana-debugsource-0:9.2.10-31.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debugsource@9.2.10-31.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.s390x",
"product": {
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.s390x",
"product_id": "grafana-debuginfo-0:9.2.10-31.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-debuginfo@9.2.10-31.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-31.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.aarch64"
},
"product_reference": "grafana-0:9.2.10-31.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-31.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.ppc64le"
},
"product_reference": "grafana-0:9.2.10-31.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-31.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.s390x"
},
"product_reference": "grafana-0:9.2.10-31.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-31.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.src"
},
"product_reference": "grafana-0:9.2.10-31.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-0:9.2.10-31.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.x86_64"
},
"product_reference": "grafana-0:9.2.10-31.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.aarch64"
},
"product_reference": "grafana-debuginfo-0:9.2.10-31.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le"
},
"product_reference": "grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.s390x"
},
"product_reference": "grafana-debuginfo-0:9.2.10-31.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debuginfo-0:9.2.10-31.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.x86_64"
},
"product_reference": "grafana-debuginfo-0:9.2.10-31.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-31.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.aarch64"
},
"product_reference": "grafana-debugsource-0:9.2.10-31.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-31.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.ppc64le"
},
"product_reference": "grafana-debugsource-0:9.2.10-31.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-31.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.s390x"
},
"product_reference": "grafana-debugsource-0:9.2.10-31.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-debugsource-0:9.2.10-31.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.x86_64"
},
"product_reference": "grafana-debugsource-0:9.2.10-31.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-31.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.aarch64"
},
"product_reference": "grafana-selinux-0:9.2.10-31.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-31.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.ppc64le"
},
"product_reference": "grafana-selinux-0:9.2.10-31.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-31.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.s390x"
},
"product_reference": "grafana-selinux-0:9.2.10-31.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-selinux-0:9.2.10-31.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.x86_64"
},
"product_reference": "grafana-selinux-0:9.2.10-31.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T03:52:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35830"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debuginfo-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-debugsource-0:9.2.10-31.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-selinux-0:9.2.10-31.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
}
]
}
RHSA-2026:35831
Vulnerability from csaf_redhat - Published: 2026-07-06 03:49 - Updated: 2026-07-10 16:54A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.\n\nSecurity Fix(es):\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35831",
"url": "https://access.redhat.com/errata/RHSA-2026:35831"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35831.json"
}
],
"title": "Red Hat Security Advisory: grafana-pcp security update",
"tracking": {
"current_release_date": "2026-07-10T16:54:25+00:00",
"generator": {
"date": "2026-07-10T16:54:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35831",
"initial_release_date": "2026-07-06T03:49:46+00:00",
"revision_history": [
{
"date": "2026-07-06T03:49:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T03:49:46+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:54:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-16.el8_10.src",
"product": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.src",
"product_id": "grafana-pcp-0:5.1.1-16.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-16.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-16.el8_10.aarch64",
"product": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.aarch64",
"product_id": "grafana-pcp-0:5.1.1-16.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-16.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64",
"product_id": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-16.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-16.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-16.el8_10.ppc64le",
"product": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.ppc64le",
"product_id": "grafana-pcp-0:5.1.1-16.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-16.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le",
"product_id": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-16.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-16.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-16.el8_10.x86_64",
"product": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.x86_64",
"product_id": "grafana-pcp-0:5.1.1-16.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-16.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64",
"product_id": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-16.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-16.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "grafana-pcp-0:5.1.1-16.el8_10.s390x",
"product": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.s390x",
"product_id": "grafana-pcp-0:5.1.1-16.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp@5.1.1-16.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x",
"product": {
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x",
"product_id": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debugsource@5.1.1-16.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x",
"product": {
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x",
"product_id": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/grafana-pcp-debuginfo@5.1.1-16.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.aarch64"
},
"product_reference": "grafana-pcp-0:5.1.1-16.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.ppc64le"
},
"product_reference": "grafana-pcp-0:5.1.1-16.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.s390x"
},
"product_reference": "grafana-pcp-0:5.1.1-16.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.src"
},
"product_reference": "grafana-pcp-0:5.1.1-16.el8_10.src",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-0:5.1.1-16.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.x86_64"
},
"product_reference": "grafana-pcp-0:5.1.1-16.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64"
},
"product_reference": "grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64"
},
"product_reference": "grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T03:49:46+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35831"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.src",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-0:5.1.1-16.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debuginfo-0:5.1.1-16.el8_10.x86_64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.aarch64",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.ppc64le",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.s390x",
"AppStream-8.10.0.Z.MAIN.EUS:grafana-pcp-debugsource-0:5.1.1-16.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
}
]
}
RHSA-2026:35993
Vulnerability from csaf_redhat - Published: 2026-07-06 15:19 - Updated: 2026-07-10 16:54A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important: Red Hat OpenShift GitOps v1.20.5 security update",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for Red Hat OpenShift GitOps.\nBug Fix(es) and Enhancement(s):\n* GITOPS-9568 (GitOps operator propagates argo CD tracking annotations to dynamic roleBindings)\n* GITOPS-9971 ([Image Updater] Self-hosted Quay images redirect to quay.io, not self-hosted URL )",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35993",
"url": "https://access.redhat.com/errata/RHSA-2026:35993"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.20/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.20/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35993.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps v1.20.5 security update",
"tracking": {
"current_release_date": "2026-07-10T16:54:29+00:00",
"generator": {
"date": "2026-07-10T16:54:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35993",
"initial_release_date": "2026-07-06T15:19:07+00:00",
"revision_history": [
{
"date": "2026-07-06T15:19:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T15:19:10+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:54:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.20",
"product": {
"name": "Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.20::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel9@sha256%3Abad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9\u0026tag=1782384460"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=1782385139"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel9@sha256%3A3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9\u0026tag=1782384202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel9@sha256%3A3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9\u0026tag=1782384503"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-image-updater-rhel9@sha256%3A1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9\u0026tag=1782383838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel9@sha256%3A522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel9\u0026tag=1782384538"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel9@sha256%3Aacabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel9\u0026tag=1782383826"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel9@sha256%3A58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel9\u0026tag=1782383824"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel9-operator@sha256%3A762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator\u0026tag=1782384102"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256%3A5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=1782446706"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel9@sha256%3Afae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel9\u0026tag=1782387394"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel9@sha256%3Aa087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9\u0026tag=1782384460"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=1782385139"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel9@sha256%3Afbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9\u0026tag=1782384202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel9@sha256%3Abc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9\u0026tag=1782384503"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-image-updater-rhel9@sha256%3A128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9\u0026tag=1782383838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel9@sha256%3A24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel9\u0026tag=1782384538"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel9@sha256%3Ab6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel9\u0026tag=1782383826"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel9@sha256%3Ad830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel9\u0026tag=1782383824"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel9-operator@sha256%3Af3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator\u0026tag=1782384102"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel9@sha256%3A7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel9\u0026tag=1782387394"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel9@sha256%3Af85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9\u0026tag=1782384460"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=1782385139"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel9@sha256%3Acc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9\u0026tag=1782384202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel9@sha256%3Ac5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9\u0026tag=1782384503"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-image-updater-rhel9@sha256%3A1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9\u0026tag=1782383838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel9@sha256%3A49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel9\u0026tag=1782384538"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel9@sha256%3A08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel9\u0026tag=1782383826"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel9@sha256%3A372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel9\u0026tag=1782383824"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel9-operator@sha256%3A284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator\u0026tag=1782384102"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel9@sha256%3Ae4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel9\u0026tag=1782387394"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel9@sha256%3A6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9\u0026tag=1782384460"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3Ac826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=1782385139"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel9@sha256%3Aef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9\u0026tag=1782384202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel9@sha256%3Aade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9\u0026tag=1782384503"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-image-updater-rhel9@sha256%3A562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9\u0026tag=1782383838"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel9@sha256%3A3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel9\u0026tag=1782384538"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel9@sha256%3A758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel9\u0026tag=1782383826"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel9@sha256%3A8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel9\u0026tag=1782383824"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel9-operator@sha256%3A4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator\u0026tag=1782384102"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel9@sha256%3Afd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel9\u0026tag=1782387394"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64 as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x as a component of Red Hat OpenShift GitOps 1.20",
"product_id": "Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.20"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:19:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35993"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:19:07+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35993"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:6b00d2186683697eef95372e7940fb2282590a56040cdb529a698f7513cf690c_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:a087a4139b693574b43c7f7000cb5adbd33e65cf4a7a924b176aa445f33d8a7e_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:bad330a10549c412490a17e52b5f57babfb9673480a02864f8e8a64c4cba3516_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel9@sha256:f85b391fbf5fca2e1afc30ab78837fe4f11050e61eff860b5da87ca6b35d96db_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:3fc61f793819741c803347cc1bfee2d2426bfeb17ac0c9e98b733cfd58d8d93d_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:cc9005e2b08fbb537e4cd30a51c3188b24fa0e1c748563307647368e22579ecd_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:ef93c183343d8744afba139cf25892ef20429b5acb593f70a0a5ee664f7d7394_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel9@sha256:fbbaab81bbf16c97882d331ecf25c5d10e2dc78e6ac777294b66d8e42f9dcbd5_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:3a2f823474b77b32725f395579574c7c2ceb4dbe70c19b505aad3fa3c29bccfd_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:ade8b73deebb3ff2948b716476af1cfc8ecc0f83e22bd8b11f261cbbb43d4f23_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:bc54a9dd627d1f52753b476e2207b98c670d6f1a998668f04e31f2d5e780c786_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel9@sha256:c5add8e64adc8f29754e99f6eb87864304a04bad45c68b3861f2ad1f654fa4a2_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:128ea1ffdb7a501922f6ba2d519ae86259cbfbc9279f1a935cff4518515ac434_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c0b4c4630149a1298a17abc0553589a36f74f679937b295558f55a84907e22c_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:1c841bd930e4e4e59df7e33210d544d6f080a7355f307893941df7414aa80eac_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel9@sha256:562d546a73bd85913e5f6774aae0629b3b827f5a3efc4dd6bca68105af74b1ca_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:2be7e32661d961809eb05cfe0ec2a101a563e66a9199b15ceaba2aac11ec1863_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:868dbe07b300c3d172ca709ccc55b97eb04ebb7fa3fb78c74b166cd4f9007701_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:99b964650352446c3e4551f3a22274d856fa7959e7eb24412cdd67459f9e5a2b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c826f87ba7007e6f88f549d6c817996ce7be0ec76dc4a9693e439ab4aa3885e1_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:24e488cf8f816a025aa4f02e6766bddc6ad31d7145352e6a741a9227aabb4e0c_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:3c36cd84145964c557f2e9ede0516882a58316b3aaf6e8919faae1e7f5580a3e_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:49d815500c37927509db7a58f76fcf54bd753ec8caedeb0d888d880257567ebc_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/console-plugin-rhel9@sha256:522cd7ab503899f297be157de010cdb749fae31b0c3aebd440cbef497b45b24e_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:08fcd104d1c0422b6f499da852eae72faea56805091ba616d05a844723780750_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:758b58aa9b60d12144e1225655a7a0cd93cd26a41fc2cf4b64f69054352cc580_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:acabb9904c17a48816b3030679b7444fb988791e5ac6c574815f8eb3be58b3fc_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/dex-rhel9@sha256:b6e50ce64be518fedfd801d960ffecfaabbb9f94fa811a22b6f4c2c8c2b788fa_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:5552180025966b3a68028a0bdb8a9437793514c1de023537f0319eb59b36ef7c_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:284affc582656126921f30fa0601f3c84b224cc762dfb334637630207a97b03d_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:4ae4efce50e6034b8763b0e3151c260fb64b5da98f1aeac2228ff31ec6ddbb07_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:762dc1af011eaed0ec3b7cdd62bc49b09b02ea46d241ef039644f426677ecc15_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9-operator@sha256:f3bcd107ca121ae0b3f49ced7999c2dff6284a7cb2c32d30e544ac3e8c6ff168_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:372bbb7b687a59b0515751378363c748a2a48742f12a8e6b5eccb8792cf3298b_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:58e269fe645d9fcd1d840ab053413e0086f4c347308b87f18f29f92877900994_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:8158736d03bd1a3858c0bef8470a7e142b71a84e96b2b3c3d216fd698d61536d_s390x",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/gitops-rhel9@sha256:d830521d99d35c90042f71452493e9a4a763f7ca4db771d271591af23cb6582a_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:7ccfa4a26bfe53ccfc19cef099742e103daf0ac36fcedfce3042310652b189ac_arm64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:e4ee4de4d75151601aa1c4a53d1cb0d0b494d350fbc81e85de420b6fa4283b84_ppc64le",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fae968b2abc36d4dd27080cb32c024ebd6711d4d8cd28e3d61cf9480ded1a9ce_amd64",
"Red Hat OpenShift GitOps 1.20:registry.redhat.io/openshift-gitops-1/must-gather-rhel9@sha256:fd77c850ba24cae6a44ae47ae3204f4948e0f07ea3aff7a67c32d5a202bd0e22_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
}
]
}
RHSA-2026:35994
Vulnerability from csaf_redhat - Published: 2026-07-06 15:19 - Updated: 2026-07-10 16:54A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x | — |
Workaround
|
A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Important: Red Hat OpenShift GitOps v1.19.5 security update",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for Red Hat OpenShift GitOps.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:35994",
"url": "https://access.redhat.com/errata/RHSA-2026:35994"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33811",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.19/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_gitops/1.19/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_35994.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift GitOps v1.19.5 security update",
"tracking": {
"current_release_date": "2026-07-10T16:54:27+00:00",
"generator": {
"date": "2026-07-10T16:54:27+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:35994",
"initial_release_date": "2026-07-06T15:19:12+00:00",
"revision_history": [
{
"date": "2026-07-06T15:19:12+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-06T15:19:15+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:54:27+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift GitOps 1.19",
"product": {
"name": "Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_gitops:1.19::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift GitOps"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3A6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=1782292352"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3A142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=1782291525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3Ab69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=1782292031"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3A86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8\u0026tag=1782293105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=1782290950"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-image-updater-rhel8@sha256%3A1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8\u0026tag=1782291351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3Ac5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=1782290387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3Abc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=1782290215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3A940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=1782291052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3Af324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=1782290000"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3A1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db?arch=arm64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=1782291973"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3A77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=1782291525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3Aa8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=1782292031"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3A392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8\u0026tag=1782293105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=1782290950"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-image-updater-rhel8@sha256%3A8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8\u0026tag=1782291351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=1782290387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3A554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=1782290215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3A480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=1782292352"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3Aa66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=1782291052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3Af38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=1782290000"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gitops-operator-bundle@sha256%3A22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-operator-bundle\u0026tag=1782313555"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3Ab8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=1782291973"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3A2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=1782291525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3A3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=1782292031"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3Ab3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8\u0026tag=1782293105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3A3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=1782290950"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-image-updater-rhel8@sha256%3A2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8\u0026tag=1782291351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=1782290387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3A840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=1782290215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3A3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=1782292352"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3A4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=1782291052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3Ae106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=1782290000"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3A6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=1782291973"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argo-rollouts-rhel8@sha256%3A8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8\u0026tag=1782291525"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel8@sha256%3Ad34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel8\u0026tag=1782292031"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-agent-rhel8@sha256%3A11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8\u0026tag=1782293105"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-extensions-rhel8@sha256%3Ae424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8\u0026tag=1782290950"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-image-updater-rhel8@sha256%3Ad35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8\u0026tag=1782291351"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"product_identification_helper": {
"purl": "pkg:oci/argocd-rhel9@sha256%3A9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/argocd-rhel9\u0026tag=1782290387"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"product_identification_helper": {
"purl": "pkg:oci/console-plugin-rhel8@sha256%3Ae21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/console-plugin-rhel8\u0026tag=1782290215"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dex-rhel8@sha256%3A1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/dex-rhel8\u0026tag=1782292352"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8@sha256%3A2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8\u0026tag=1782291052"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gitops-rhel8-operator@sha256%3Afbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator\u0026tag=1782290000"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x",
"product": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x",
"product_id": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x",
"product_identification_helper": {
"purl": "pkg:oci/must-gather-rhel8@sha256%3Abf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650?arch=s390x\u0026repository_url=registry.redhat.io/openshift-gitops-1/must-gather-rhel8\u0026tag=1782291973"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64 as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x as a component of Red Hat OpenShift GitOps 1.19",
"product_id": "Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x"
},
"product_reference": "registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x",
"relates_to_product_reference": "Red Hat OpenShift GitOps 1.19"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-33811",
"cwe": {
"id": "CWE-1341",
"name": "Multiple Releases of Same Resource or Handle"
},
"discovery_date": "2026-05-07T20:01:34.913869+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2467822"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `net` package of Go (golang), specifically when using the `LookupCNAME` function with the `cgo` DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name (CNAME) response. This can trigger a double-free of C memory, leading to a crash and a Denial of Service (DoS) for the affected application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the Go `net` package, affecting applications configured to use the `cgo` DNS resolver. A remote attacker could trigger a double-free memory error by providing a very long CNAME response, leading to a crash of the vulnerable application and impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33811"
},
{
"category": "external",
"summary": "RHBZ#2467822",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467822"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33811",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33811"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33811"
},
{
"category": "external",
"summary": "https://go.dev/cl/767860",
"url": "https://go.dev/cl/767860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78803",
"url": "https://go.dev/issue/78803"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M",
"url": "https://groups.google.com/g/golang-announce/c/qcCIEXso47M"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4981",
"url": "https://pkg.go.dev/vuln/GO-2026-4981"
}
],
"release_date": "2026-05-07T19:41:19.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:19:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35994"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications can be configured to use the pure Go DNS resolver instead of the `cgo` DNS resolver. This can be achieved by setting the `GODEBUG` environment variable to `netdns=go`. For example, to run a Go application with this mitigation: `GODEBUG=netdns=go /path/to/your/go/application`. This change may require restarting affected applications or services to take effect. Users should verify that this change does not negatively impact DNS resolution for their specific application environment.",
"product_ids": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME"
},
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64"
],
"known_not_affected": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-06T15:19:12+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:35994"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:142f81e07068cb43fa22b798e3fd1f1cd0b54f2820bf8008f1c61114632be9a9_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:2b3f86ba682cce1753ca2abc3538c330ec78026863ace0a7303fb36f8530a09a_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:77341d5f25030515eed25537d224c4a8701322a58db9181cdfc925d4cab28eca_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argo-rollouts-rhel8@sha256:8cf8a6ae5212d2206bfca8033862a4fd812e41bd6683696a3f2c974a9fb5dd56_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:11d452ecde021dd5bcf0aa79c01c49074c0fcaa4561f71b1e71f940f99b6fc77_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:392359aa59f69afe8860a82a951659990437548916f92c97f4ec4cdaded2d0b0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:86e42d5047b3dfe9be543c43f06d9fc5c8d8ecaa2529b58ad47f30be9a4cd77f_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-agent-rhel8@sha256:b3cf24392920aaa725f287938d5e77d1525825d49ebd05b2ed3c7c0d4ed7a823_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:06a57559d48b63dcb7e0b939f9c9303aa5a3f5c32616c47c48c8161da5d8b530_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:3f6492a7edfdaa1282837277a83e4c247f4b689a9f9ac16766b3b0d8415330b1_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:786fcd7035e4e59926bb74ffa23628cd8c328b1eb890cd948fee216e563a272c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-extensions-rhel8@sha256:e424fd18276656ca4f7a29f3ca7c4184f51655c22d8136fbac49195201271a9e_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:1318ceaefef8c5e2ce3f7ae04e938a4458a5c0120eb77b7628ebbd1770edbd67_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:2046a561a59f47f856e40e138561586978d1d473a3fcd6eaea95fbca5d62eb66_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:8312842c2ae5637a43b3c1a933d47d148cd2ea2544978e55d9640d59523174b1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-image-updater-rhel8@sha256:d35ec5054ec806575e13854da072a39e47ed431260002f8ce2eaa09c67e454d0_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:3061b1d84759aa1c46379875593b0503a961930f9b18a5566866dd533cb5157e_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:a8b1fad3743f82ff1df3b6daed36096eabd827070b9426a76cb2bffa73d23f8e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:b69311dff750e993a9b4b0bdc5756012f32c0a644e8bac213267b6729addbf3c_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel8@sha256:d34b5b4cb79db418674b9210036d6acb12a35abb894e58ac56ac49e2dabbd7c3_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:13007a387398626756a013d64b64f941e548b9207fba487f1f2110c6ef7a2143_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:909e2f26afee68521775cf31d13dfaa3d16fdf736f7e7097aba987e15bba4183_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:9553897b4c43a1df0e15339cdb1a953d72963c400f47572fb04555ec49b5ad44_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/argocd-rhel9@sha256:c5317561de5e3c65588016e320afdcc9d1a8ae9a27a8f64fe03bf62e2e6914bf_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:554da1fb02ef3e4870cac383b50d2ab0374a9d8c42827cb909ca17121cd2d674_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:840cddc6e9803845f8216c670e251f3e412cecbdef40d543dabcee0e4d83bf4d_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:bc53ecb8ce0ab3d2a955c21f9e0b84b55e7d297f77b2ead6a71f3f7f58670691_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/console-plugin-rhel8@sha256:e21cad6af52b3ca67013d723df4a5b1b7e63044e83a5402b2fb365eeb5978635_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:1186f9afe02ad55310874f86544e7c966a4e3eddcab664ec363030ac4b6fed4f_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:3713138e73d479f2532f5380b065af0379d236596455448dbe8a1a17bc5780d2_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:480a339ce9d622d6371d4ef75f4ddf7840a2dda6d512496eaf6d930654ffb58a_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/dex-rhel8@sha256:6ffae033f5816f4448fb9bbc79359a1319251e5c1baab2bb9fdd60289ba542b8_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-operator-bundle@sha256:22419f173ef1d31a83d226bc3b23fb283db62a9693c8f1df0a5e2fb4b3b38df4_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:e106c87be2d6834217435a7583b40c3bc1a9ab92624cd1ad4219913cfe4b6463_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f324070b67fe44e3f4d7862f10fbcafb4dcabcfa4beb8b5e4ffe062800ab5989_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:f38c4f32c9c4eaa50ae99b8cb38e58aaf0c0c7eaa8275e211b3f81b023ddc0c0_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8-operator@sha256:fbe2b3bb5242f2d118d60dcd449858e7968d9eaff8c5ba5efcb2b36201ce8e0a_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:2513bd207d6ef60f16637b9a18dce2437844703afde603becdc50113823d8728_s390x",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:4c81a4f0d5a90edfc1da474af937e8c276579f0e1a87c77b93352f2ee7550eac_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:940596cd69f441ccd2dc6aedf77e0cdac328a55532734304703429e78f80f206_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/gitops-rhel8@sha256:a66508fb7b17486246be16bf381f0c629993482a7858f0b5f9ae2b2340d02ea1_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:1afe78f60cfeb8380eb63eae988b34354cd1de47dd07cf69defd272292e296db_arm64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:6fd7d8c42604912b271d672b159c7b5d43955d19afdbaa2b95f11fce589ce9da_ppc64le",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:b8c045203993fbb2e653c8bb8453254b1d9383827337e1148cf99f1aef00cf6e_amd64",
"Red Hat OpenShift GitOps 1.19:registry.redhat.io/openshift-gitops-1/must-gather-rhel8@sha256:bf83003061015154a7bf8c0a56c1ab639ae725bc7985ee296c341530dfd81650_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
}
]
}
RHSA-2026:36105
Vulnerability from csaf_redhat - Published: 2026-07-07 07:55 - Updated: 2026-07-10 18:40A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64 | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le | — |
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64 | — |
Workaround
|
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images.",
"title": "Topic"
},
{
"category": "general",
"text": "Assisted Installer RHEL 8 integrates components for the general multicluster engine\nfor Kubernetes 2.6.12 release that simplify the process of deploying OpenShift Container\nPlatform clusters.\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters, or to import existing Kubernetes-based clusters for management.\n\nAfter the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36105",
"url": "https://access.redhat.com/errata/RHSA-2026:36105"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39828",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53488",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36105.json"
}
],
"title": "Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.6.12",
"tracking": {
"current_release_date": "2026-07-10T18:40:52+00:00",
"generator": {
"date": "2026-07-10T18:40:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:36105",
"initial_release_date": "2026-07-07T07:55:03+00:00",
"revision_history": [
{
"date": "2026-07-07T07:55:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-07T07:55:09+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T18:40:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "multicluster engine for Kubernetes 2.6",
"product": {
"name": "multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_engine:2.6::el8"
}
}
}
],
"category": "product_family",
"name": "multicluster engine for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel8@sha256%3Ab1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-rhel8\u0026tag=1783407900"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel8@sha256%3A15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8\u0026tag=1783407939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-8-rhel8@sha256%3A9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-8-rhel8\u0026tag=1783332008"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel8@sha256%3A26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-rhel8\u0026tag=1783407900"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel8@sha256%3A2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8\u0026tag=1783407939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-8-rhel8@sha256%3A26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-8-rhel8\u0026tag=1783332008"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel8@sha256%3A99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-rhel8\u0026tag=1783407900"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel8@sha256%3A13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8\u0026tag=1783407939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-8-rhel8@sha256%3A7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-8-rhel8\u0026tag=1783332008"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel8@sha256%3A6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-rhel8\u0026tag=1783407900"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel8@sha256%3A887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8\u0026tag=1783407939"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-8-rhel8@sha256%3Aa7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-8-rhel8\u0026tag=1783332008"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64 as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64 as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64 as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64 as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64 as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64 as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T07:55:03+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.11.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36105"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39828",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:46.775641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important security flaw in the `golang.org/x/crypto/ssh` library. When an SSH server utilizing this library is configured with specific authentication callbacks that return a `PartialSuccessError` with non-nil permissions, an attacker could bypass intended certificate restrictions, such as `force-command`. This bypass could lead to unauthorized command execution or access on affected Red Hat systems configured with multi-factor authentication and certificate-based access controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "RHBZ#2480687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://go.dev/cl/781621",
"url": "https://go.dev/cl/781621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79562",
"url": "https://go.dev/issue/79562"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5014",
"url": "https://pkg.go.dev/vuln/GO-2026-5014"
}
],
"release_date": "2026-05-22T02:31:26.883000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T07:55:03+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.11.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36105"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions"
},
{
"cve": "CVE-2026-53488",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-07-01T02:01:09.589815+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2495815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in containerd where the CRI plugin propagates labels from an image configuration (LABEL instruction in a Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host via a plugin that consumes container labels for operations, such as the restart-monitor binary:// logger. An attacker who can cause a crafted container image to be pulled and run can achieve host-level code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "RHBZ#2495815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp"
}
],
"release_date": "2026-07-01T00:11:20.610000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T07:55:03+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.11.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36105"
},
{
"category": "workaround",
"details": "Restrict container image pulls to trusted registries using admission policies or image signature verification. Where containerd is used as the container runtime, disable or restrict the binary:// logger URI scheme in the containerd configuration to prevent the label-to-logger attack path.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:13af28ec463e2877e106c0f36881e26033532a7681a282de6b988d2cddf74f7d_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:15066fae8152efb67cd9f839af234cb21d1f88e3d75c0419c0563c5d0f1dd692_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:2cbf7b3ece78f963ffb9fc60b2ecf4c4440361750d4d3964142ef8bdac527379_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel8@sha256:887035814ff7e6e0ff72019eed37277aa535389de65971fd6a4fac3acd32a84c_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:26ba753fd18a3d966755a548331401e68abc2791a077ad370f2a955a32d7677f_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:6e76d785acd383c4123195401363e1c4a9ea00fba18a25bc4ef98f33f29c5083_s390x",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:99978f203298eee00bf5eb951506630115d1e9afae26469c98ff6cd271a4d1fe_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-installer-rhel8@sha256:b1eb0d2804359d83c18c8eec4dc663001b7f89e954a31fd2c47053c27cb4437e_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:26ab409373069765e56e7b056702ac3d5e527191da6937e547fe4ab934fac1e4_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:7d2d22ecbe79b676d7e08eb9675645212f06b1975bf6b320a53f2c83913e79dd_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:9c57a27b244c777a94846abc3c7738efe972ae1d39453bc6363a417a6587f1d9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-8-rhel8@sha256:a7ed7fb0b19759c868ff4c6453753b2d80596802c182b5da76e6ff706fc18551_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin"
}
]
}
RHSA-2026:36167
Vulnerability from csaf_redhat - Published: 2026-07-07 08:06 - Updated: 2026-07-10 18:40A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x | — |
Vendor Fix
fix
Workaround
|
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.6.12 General Availability release, with updates to container images.",
"title": "Topic"
},
{
"category": "general",
"text": "Assisted Installer RHEL 9 integrates components for the general multicluster engine\nfor Kubernetes 2.6.12 release that simplify the process of deploying OpenShift Container\nPlatform clusters.\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters, or to import existing Kubernetes-based clusters for management.\n\nAfter the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:36167",
"url": "https://access.redhat.com/errata/RHSA-2026:36167"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39821",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39828",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-53488",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_36167.json"
}
],
"title": "Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.6.12",
"tracking": {
"current_release_date": "2026-07-10T18:40:54+00:00",
"generator": {
"date": "2026-07-10T18:40:54+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:36167",
"initial_release_date": "2026-07-07T08:06:49+00:00",
"revision_history": [
{
"date": "2026-07-07T08:06:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-07T08:06:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T18:40:54+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "multicluster engine for Kubernetes 2.6",
"product": {
"name": "multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_engine:2.6::el9"
}
}
}
],
"category": "product_family",
"name": "multicluster engine for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-9-rhel9\u0026tag=1783333268"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3Ad9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-9-rhel9\u0026tag=1783333268"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-9-rhel9\u0026tag=1783333268"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3Aea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine/assisted-service-9-rhel9\u0026tag=1783333268"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64 as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64 as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x as a component of multicluster engine for Kubernetes 2.6",
"product_id": "multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-39821",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-05-22T16:00:52.844126+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480756"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/idna. ToASCII and ToUnicode incorrectly accept Punycode-encoded labels that decode to an ASCII-only hostname (for example, xn--example-.com returns example.com instead of an error). Applications that validate the ASCII form then convert to Unicode may grant access to a restricted hostname the ASCII check would have rejected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "golang.org/x/net/idna is vulnerable to privilege escalation through incorrect Punycode label handling in ToASCII and ToUnicode. An attacker who can supply a Punycode hostname that passes an ASCII-only authorization check may have it normalized to a restricted ASCII name the application intended to block. Red Hat exposure is broad across products shipping the Go toolchain or bundling golang.org/x/net, including RHEL and RHEL-AI golang RPMs, hummingbird Go runtimes, OpenShift and ODF container builds, and Ceph/OpenShift components compiled against affected x/net versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "RHBZ#2480756",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39821",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39821"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39821"
},
{
"category": "external",
"summary": "https://go.dev/cl/767220",
"url": "https://go.dev/cl/767220"
},
{
"category": "external",
"summary": "https://go.dev/issue/78760",
"url": "https://go.dev/issue/78760"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8",
"url": "https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5026",
"url": "https://pkg.go.dev/vuln/GO-2026-5026"
}
],
"release_date": "2026-05-22T15:01:21.462000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T08:06:49+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.11.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36167"
},
{
"category": "workaround",
"details": "Upgrade to a fixed golang.org/x/net release that includes the idna correction, via updated golang or dependent package rebuilds.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing"
},
{
"cve": "CVE-2026-39828",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:46.775641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important security flaw in the `golang.org/x/crypto/ssh` library. When an SSH server utilizing this library is configured with specific authentication callbacks that return a `PartialSuccessError` with non-nil permissions, an attacker could bypass intended certificate restrictions, such as `force-command`. This bypass could lead to unauthorized command execution or access on affected Red Hat systems configured with multi-factor authentication and certificate-based access controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "RHBZ#2480687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://go.dev/cl/781621",
"url": "https://go.dev/cl/781621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79562",
"url": "https://go.dev/issue/79562"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5014",
"url": "https://pkg.go.dev/vuln/GO-2026-5014"
}
],
"release_date": "2026-05-22T02:31:26.883000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T08:06:49+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.11.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36167"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions"
},
{
"cve": "CVE-2026-53488",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-07-01T02:01:09.589815+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2495815"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface (CRI) plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands on the host system through a plugin that processes these unvalidated labels. The primary impact is host-root command execution, allowing unauthorized control over the underlying system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in containerd where the CRI plugin propagates labels from an image configuration (LABEL instruction in a Dockerfile) to a container without validation. This may result in executing an arbitrary command on the host via a plugin that consumes container labels for operations, such as the restart-monitor binary:// logger. An attacker who can cause a crafted container image to be pulled and run can achieve host-level code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-53488"
},
{
"category": "external",
"summary": "RHBZ#2495815",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2495815"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-53488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-53488"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53488"
},
{
"category": "external",
"summary": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp",
"url": "https://github.com/containerd/containerd/security/advisories/GHSA-xhf5-7wjv-pqxp"
}
],
"release_date": "2026-07-01T00:11:20.610000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-07T08:06:49+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.11.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:36167"
},
{
"category": "workaround",
"details": "Restrict container image pulls to trusted registries using admission policies or image signature verification. Where containerd is used as the container runtime, disable or restrict the binary:// logger URI scheme in the containerd configuration to prevent the label-to-logger attack path.",
"product_ids": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:0dea3f88818977c2392172f46f00c2298360811d7f1d8a8878a947ee986f68e9_amd64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:88a25f8f2cc5c935b8b6f7ffda5beac8d58e3370051cb704dcba9f7fc2c446c4_ppc64le",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:d9d180f6958fbaf250b99cb10d3c955dde07037c01fc39936b74e9cd2484d486_arm64",
"multicluster engine for Kubernetes 2.6:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:ea5ac20c57933b17e55ae6e629ec272f385c3c61d12d0cf91678b6bda12396c8_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/containerd/containerd: containerd: Host-root command execution via unvalidated image config labels in CRI plugin"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.